The SAP DB database system supports different roles. A role is a group of privileges that you can assign to
database users, user groups, or other roles by specifying a role name in the GRANT statement.When the CREAT ROLE statement has been executed, the role is initially empty. The privileges must be assigned to the role using the GRANT statement.
That a role is available and the properties of that role are all registered in the catalog in the form of metadata. A user that creates a role becomes its owner.
Only database users belonging to database user class
DBA are able to create roles.The new role name cannot be the same as the name of any other role, a user, or a user group.
You can assign roles to a user or user group by using the ALTER USER or ALTER USERGROUP statement. The roles are active as soon as a
database session is opened. Alternatively, you can activate roles during a session using the SET statement. If you activate a role during a session, the current session user has all the privileges assigned to that role.If a password has been assigned to a role, users assigned to that role can only activate it by entering the password in the SET statement.
Roles are not active when executing data definition commands.
See also:
Reference Manual: SAP DB 7.2 and 7.3
, section Basic elements ® Names ®