SYSROLES system table

The SYSROLES table stores the roles in the database.

A row in the SYSROLES table represents one of the following:

The keys for the SYSROLES table are:
  • Primary key (GRANTEE, ROLEID, GRANTOR)
  • Unique key (UUID)
Column Name Type Length Nullability Contents
UUID CHAR 36 False A unique identifier for this role.
ROLEID VARCHAR 128 False The role name, after conversion to case normal form.
GRANTEE VARCHAR 128 False If the row represents a role grant, this is the authorization identifier of a user or role to which this role is granted. If the row represents a role definition, this is the database owner's user name.
GRANTOR VARCHAR 128 False This is the authorization identifier of the user that granted this role. If the row represents a role definition, this is the authorization identifier _SYSTEM. If the row represents a role grant, this is the database owner's user name (since only the database owner can create and grant roles).
WITHADMINOPTION CHAR 1 False A role definition is modelled as a grant from _SYSTEM to the database owner, so if the row represents a role definition, the value is always 'Y'. This means that the creator (the database owner) is always allowed to grant the newly created role. Currently roles cannot be granted WITH ADMIN OPTION, so if the row represents a role grant, the value is always 'N'.
ISDEF CHAR 1 False If the row represents a role definition, this value is 'Y'. If the row represents a role grant, the value is 'N'.
Related reference
CREATE ROLE statement
SET ROLE statement
DROP ROLE statement
CURRENT_ROLE function