Documentation Home
MySQL 8.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 32.3Mb
PDF (A4) - 32.3Mb
PDF (RPM) - 30.4Mb
HTML Download (TGZ) - 7.8Mb
HTML Download (Zip) - 7.8Mb
HTML Download (RPM) - 6.7Mb
Man Pages (TGZ) - 142.5Kb
Man Pages (Zip) - 201.7Kb
Info (Gzip) - 3.0Mb
Info (Zip) - 3.0Mb


Pre-General Availability Draft: 2017-05-25

14.7.1.11 SET ROLE Syntax

SET ROLE
    {
        DEFAULT
      | NONE
      | ALL
      | ALL EXCEPT role [, role ] ...
      | role [, role ] ...
    }

SET ROLE modifies the current user's effective privileges within the current session by specifying which of its granted roles are active.

Any privileges that the user has been granted directly (rather than through roles) remain unaffected by changes to the active roles.

Each role name uses the format described in Section 7.2.5, “Specifying Role Names”. For example:

SET ROLE DEFAULT;
SET ROLE 'role1', 'role2';
SET ROLE ALL;
SET ROLE ALL EXCEPT 'role1', 'role2';

The host name part of the role name, if omitted, defaults to '%'.

The statement permits these role specifiers:

  • DEFAULT: Set active the account default roles.

    If a user executes SET ROLE DEFAULT during a session, an error occurs if any default role cannot be activated (for example, if it does not exist or is not granted to the user). In this case, the current active roles are not changed.

    The server executes SET ROLE DEFAULT implicitly when a user connects to the server and authenticates successfully, to initialize the session active roles. In this case, the current active roles are those default roles that can be activated. The server writes warnings to its error log for default roles that cannot be activated, but the client receives no warnings.

  • NONE: Set the active roles to NONE (no active roles).

  • ALL: Set active all roles granted to the account.

  • ALL EXCEPT role_list: Set active all roles granted to the account except those named. The named roles need not exist or be granted to the account.

  • role [, role ] ...: Set active the named roles, which must be granted to the account.

Note

SET DEFAULT ROLE and SET ROLE DEFAULT are different statements. The first defines which roles to activate by default within sessions for an account. The second sets the active roles within the current session to the current account default roles.


User Comments
Sign Up Login You must be logged in to post a comment.