CREATE ROLE statement

The CREATE ROLE statement creates a role at the current server.

Invocation for CREATE ROLE

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared only if DYNAMICRULES RUN behavior is in effect. For more information, see Authorization IDs and dynamic SQL.

Authorization for CREATE ROLE

The privilege set that is defined below must include at least one of the following authorities:

  • SYSADM authority
  • SYSCTRL authority
  • SECADM

Privilege set: If the statement is embedded in an application program, the privilege set is the set of privileges that are held by the owner of the plan or package.

If the statement is dynamically prepared, the privilege set is the set of privileges that are held by the SQL authorization ID of the process or by the role that is associated with the primary authorization ID, if the statement is run in a trusted context and the ROLE AS OBJECT OWNER clause is specified.

Syntax for CREATE ROLE

Read syntax diagramSkip visual syntax diagramCREATE ROLErole-name

Description for CREATE ROLE

role-name
Names the role. The name must not identify a role that exists at the current server. The name must not begin with the characters 'SYS' and must not be 'DBADM', ‘NONE', 'NULL', 'PUBLIC', or 'SECADM'.

Examples for CREATE ROLE

The following statement creates a role named TELLER. 
   CREATE ROLE TELLER;