ROLE
SET ROLE allows the session role to be changed during the life of the session.
SET ROLE has the following syntax:
SET ROLE NONE | role [WITH PASSWORD = 'role_password']
If SET ROLE NONE is specified, the session has no role.
If SET ROLE role is specified, the role is set to the indicated role. The user must be authorized to use that role. If the role has a password, the password must be specified using the WITH PASSWORD clause.
If the user is not authorized to use the role or the password is incorrect, the session role is unchanged.
If a role has associated subject privileges or security audit attributes, these are added to the maximum privilege set for the session when the role is activated, and removed from the privilege set when the role is deactivated. Role security audit attributes can increase auditing over the current session value but cannot decrease it.
Last modified date: 08/28/2024