GRANT SERVICE ROLE¶
Assigns a service role to an account role, application role, or database role. For more information, see Managing access to service endpoints.
- See also:
Syntax¶
GRANT SERVICE ROLE <name> TO
{
ROLE <role_name> |
APPLICATION ROLE <application_role_name> |
DATABASE ROLE <database_role_name>
}
Parameters¶
nameSpecifies the identifier for the service role to grant. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
Specify the service role name in the following format:
service-name!service-role-nameFor example,
echo_service!echoendpoint_role.ROLE role_nameName of the account role to grant the service role to.
APPLICATION ROLE application_role_nameName of the application role to grant the service role to.
DATABASE ROLE database_role_nameName of the database role to grant the service role to.
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege or role |
Object |
Notes |
|---|---|---|
OWNERSHIP |
Service |
Only the service owner can grant the service role. |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Examples¶
The following command grants the echoendpoint_role service role defined in the echo_service service specification to the service_function_user_role role.
GRANT SERVICE ROLE echo_service!echoendpoint_role TO ROLE service_function_user_role;