CREATE ROLE
CREATE ROLE
creates a new role, which is a user account in Materialize.
When you connect to Materialize, you must specify the name of a valid role in the system.
Syntax
Field | Use |
---|---|
role_name | A name for the role. |
INHERIT | Grants the role the ability to inherit privileges of other roles. |
Details
Unlike PostgreSQL, Materialize derives the LOGIN
and SUPERUSER
attributes for a role during authentication, every time that role tries
to connect. Therefore, you cannot specify either
attribute when creating a new role. Additionally, we do not support the
CREATE USER
command, because it implies a LOGIN
attribute for the role.
Unlike PostgreSQL, Materialize does not currently support NOINHERIT
.
You may not specify redundant or conflicting sets of options. For example,
Materialize will reject the statement CREATE ROLE ... INHERIT INHERIT
.
Unlike PostgreSQL, Materialize does not use role attributes to determine a role’s ability to create top level objects such as databases and other roles. Instead, Materialize uses system level privileges. See GRANT PRIVILEGE for more details.
When RBAC is enabled a role must have the CREATEROLE
system privilege to create another role.
Examples
CREATE ROLE db_reader;
SELECT name FROM mz_roles;
db_reader
mz_system
mz_support
Privileges
The privileges required to execute this statement are:
CREATEROLE
privileges on the system.