SHOW ROLESΒΆ
Lists all the roles which you can view across your entire account, including the system-defined roles and any custom roles that exist.
Important
Snowflake allows users to list roles; however, the ability to list roles is not the same as using any role. Knowing the names of roles does not allow any additional access.
This is a part of Discretionary Access Control and Role-Based Access Control. For more information, see Overview of Access Control.
- See also:
SyntaxΒΆ
SHOW ROLES [ LIKE '<pattern>' ]
[ IN CLASS <class_name> ]
[ LIMIT <rows> [ FROM '<name_string>' ] ]
ParametersΒΆ
LIKE 'pattern'Filters the command output by object name. The filter uses case-insensitive pattern matching, with support for SQL wildcard characters (
%and_).For example, the following patterns return the same results:
... LIKE '%testing%' ...... LIKE '%TESTING%' ...IN CLASS class_nameReturns records for the specified class (
class_name).LIMIT rows [ FROM 'name_string' ]Optionally limits the maximum number of rows returned, while also enabling βpaginationβ of the results. The actual number of rows returned night be less than the specified limit (e.g. the number of existing objects is less than the specified limit).
The optional
FROM 'name_string'subclause effectively serves as a βcursorβ for the results. This enables fetching the specified number of rows following the first row whose object name matches the specified string:The string must be enclosed in single quotes and is case-sensitive. In addition, the string does not have to include the full object name; partial names are supported.
Default: No value (no limit is applied to the output).
Usage NotesΒΆ
The command does not require a running warehouse to execute.
To post-process the output of this command, you can use the RESULT_SCAN function, which treats the output as a table that can be queried.
If you specify
CLASS, only the following columns are returned:| created_on | name | comment |
ExamplesΒΆ
Show all roles:
SHOW ROLES;---------------------------------+---------------+------------+------------+--------------+-------------------+------------------+---------------+---------------+--------------------------+ created_on | name | is_default | is_current | is_inherited | assigned_to_users | granted_to_roles | granted_roles | owner | comment | ---------------------------------+---------------+------------+------------+--------------+-------------------+------------------+---------------+---------------+--------------------------+ Fri, 05 Dec 2014 16:25:06 -0800 | ACCOUNTADMIN | Y | Y | N | 1 | 0 | 2 | | | Mon, 15 Dec 2014 17:58:33 -0800 | ANALYST | N | N | N | 0 | 6 | 0 | SECURITYADMIN | Data analyst | Fri, 05 Dec 2014 16:25:06 -0800 | PUBLIC | N | N | Y | 0 | 0 | 0 | | | Fri, 05 Dec 2014 16:25:06 -0800 | SECURITYADMIN | N | N | Y | 0 | 1 | 0 | | | Fri, 05 Dec 2014 16:25:06 -0800 | SYSADMIN | N | N | Y | 5 | 1 | 2 | | | ---------------------------------+---------------+------------+------------+--------------+-------------------+------------------+---------------+---------------+--------------------------+
In this example:
The ACCOUNTADMIN system-defined role is the current role and default role for the current (i.e. logged-in) user.
In addition to the four system-defined roles, one custom role (ANALYST) has been created. The role is owned by the SECURITYADMIN system-defined role.
Return up to ten account roles in the account after the first role named my_role2:
SHOW ROLES LIMIT 10 FROM 'my_role2';