Using Database Roles

There are several steps to using roles:

  1. A superuser creates a role using the CREATE ROLE statement.
  2. A superuser or object owner grants privileges to the role.
  3. A superuser or users with administrator access to the role grant users and other roles access to the role.
  4. Users granted access to the role run the SET ROLE command to make that role active and gain the role's privileges.

You can do steps 2 and 3 in any order. However, granting access to a role means little until the role has privileges granted to it.

Tip: Query system tables ROLES, GRANTS, and USERS to see any directly-assigned roles. Because these tables do not indicate whether a role is available to a user when roles could be available through other roles (indirectly), see the HAS_ROLE() function for additional information.