Documentation Home
MySQL 8.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 32.3Mb
PDF (A4) - 32.3Mb
PDF (RPM) - 30.4Mb
HTML Download (TGZ) - 7.8Mb
HTML Download (Zip) - 7.8Mb
HTML Download (RPM) - 6.7Mb
Man Pages (TGZ) - 142.5Kb
Man Pages (Zip) - 201.7Kb
Info (Gzip) - 3.0Mb
Info (Zip) - 3.0Mb


MySQL 8.0 Reference Manual  /  ...  /  Specifying Role Names

Pre-General Availability Draft: 2017-05-25

7.2.5 Specifying Role Names

MySQL role names refer to roles, which are named collections of privileges. For role usage examples, see Section 7.3.4, “Using Roles”.

Role names have syntax and semantics similar to account names (Section 7.2.4, “Specifying Account Names”). Role names differ from account names in these respects:

  • The user part of role names cannot be blank. Thus, there is no anonymous role analogous to the concept of anonymous user.

  • As for an account name, omitting the host part of a role name results in a host part of '%'. But unlike '%' in an account name, a host part of '%' in a role name has no wildcard properties. For example, for a name 'me'@'%' used as a role name, the host part ('%') is just a literal value; it has no any host matching property.

  • Netmask notation in the host part of a role name has no significance.

  • An account name is permitted to be CURRENT_USER() in several contexts. A role name is not.

It is possible for a row in the mysql.user system table to serve as both an account and a role. In this case, any special user or host name matching properties do not apply in contexts for which the name is used as a role name. For example, you cannot execute the following statement with the expectation that it will set the current session roles using all roles that have a user part of myrole and any host name:

SET ROLE 'myrole'@'%';

Instead, the statement sets the active role for the session to the role with exactly the name 'myrole'@'%'.

For this reason, role names are often specified using only the user name part and letting the host name part implicitly be '%'. Specifying a role with a non-'%' host part can be useful if you intend to create a name that works both as a role an as a user account that is permitted to connect from the given host.


User Comments
Sign Up Login You must be logged in to post a comment.