CREATE ROLE
CREATE ROLE creates a new role, which is a user account in Materialize.
When you connect to Materialize, you must specify the name of a valid role in the system.
Syntax
| Field | Use |
|---|---|
| role_name | A name for the role. |
| INHERIT | Grants the role the ability to inherit privileges of other roles. |
Details
Unlike PostgreSQL, Materialize derives the LOGIN and SUPERUSER
attributes for a role during authentication, every time that role tries
to connect. Therefore, you cannot specify either
attribute when creating a new role. Additionally, we do not support the
CREATE USER command, because it implies a LOGIN attribute for the role.
Unlike PostgreSQL, Materialize does not currently support NOINHERIT.
You may not specify redundant or conflicting sets of options. For example,
Materialize will reject the statement CREATE ROLE ... INHERIT INHERIT.
Unlike PostgreSQL, Materialize does not use role attributes to determine a role’s ability to create top level objects such as databases and other roles. Instead, Materialize uses system level privileges. See GRANT PRIVILEGE for more details.
When RBAC is enabled a role must have the CREATEROLE system privilege to create another role.
Examples
CREATE ROLE db_reader;
SELECT name FROM mz_roles;
db_reader
mz_system
mz_support
Privileges
The privileges required to execute this statement are:
CREATEROLEprivileges on the system.