FirebirdSQL logo

Assigning Roles

Assigning a role is similar to granting a privilege.One or more roles can be assigned to one or more users, including the user PUBLIC, using one GRANT statement.

The WITH ADMIN OPTION Clause

The optional WITH ADMIN OPTION clause allows the users specified in the user list to grant the role(s) specified to other users or roles.

Caution

It is possible to assign this option to PUBLIC.Do not do this!

For cumulative roles, a user can only exercise the WITH ADMIN OPTION of a secondary role if all intermediate roles are also granted WITH ADMIN OPTION.That is, GRANT ROLEA TO ROLE ROLEB WITH ADMIN OPTION, GRANT ROLEB TO ROLE ROLEC, GRANT ROLEC TO USER USER1 WITH ADMIN OPTION only allows USER1 to grant ROLEC to other users or roles, while using GRANT ROLEB TO ROLE ROLEC WITH ADMIN OPTION allows USER1 to grant ROLEA, ROLEB and ROLEC to other users.

Examples of Role Assignment

  1. Assigning the DIRECTOR and MANAGER roles to the user IVAN:

    GRANT DIRECTOR, MANAGER
      TO USER IVAN;
  2. Assigning the MANAGER role to the user ALEX with the authority to assign this role to other users:

    GRANT MANAGER
      TO USER ALEX WITH ADMIN OPTION;
  3. Assigning the DIRECTOR role to user ALEX as a default role:

    GRANT DEFAULT DIRECTOR
      TO USER ALEX;
  4. Assigning the MANAGER role to role DIRECTOR:

    GRANT MANAGER
      TO ROLE DIRECTOR;
See also

REVOKE

The WITH GRANT OPTION Clause

The optional WITH GRANT OPTION clause allows the users specified in the user list to grant the privileges specified in the privilege list to other users.

Caution

It is possible to assign this option to the user PUBLIC.Do not do this!