top of page
CerebroSQL

MySQL: 

SET ROLE

Syntax:
SET ROLE {
DEFAULT
| NONE
| ALL
| ALL EXCEPT role [, role ] ...
| role [, role ] ...
}

SET ROLE modifies the current user's effective privileges within the
current session by specifying which of its granted roles are active.
Granted roles include those granted explicitly to the user and those
named in the mandatory_roles system variable value.

Examples:

SET ROLE DEFAULT;
SET ROLE 'role1', 'role2';
SET ROLE ALL;
SET ROLE ALL EXCEPT 'role1', 'role2';

Each role name uses the format described in
https://dev.mysql.com/doc/refman/8.0/en/role-names.html. The host name
part of the role name, if omitted, defaults to '%'.

Privileges that the user has been granted directly (rather than through
roles) remain unaffected by changes to the active roles.

The statement permits these role specifiers:

o DEFAULT: Activate the account default roles. Default roles are those
specified with SET DEFAULT ROLE.

When a user connects to the server and authenticates successfully,
the server determines which roles to activate as the default roles.
If the activate_all_roles_on_login system variable is enabled, the
server activates all granted roles. Otherwise, the server executes
SET ROLE DEFAULT implicitly. The server activates only default roles
that can be activated. The server writes warnings to its error log
for default roles that cannot be activated, but the client receives
no warnings.

If a user executes SET ROLE DEFAULT during a session, an error occurs
if any default role cannot be activated (for example, if it does not
exist or is not granted to the user). In this case, the current
active roles are not changed.

o NONE: Set the active roles to NONE (no active roles).

o ALL: Activate all roles granted to the account.

o ALL EXCEPT role [, role ] ...: Activate all roles granted to the
account except those named. The named roles need not exist or be
granted to the account.

o role [, role ] ...: Activate the named roles, which must be granted
to the account.

Example

bottom of page