Who Can Manage Roles?¶
The following table lists the permissions to perform the actions required to manage roles.
Action on Roles | CATALOG (all roles) | ROLE |
---|---|---|
Ability to see roles page in UI | ALL CREATE_ROLE_AS_OWNER |
Any access level |
Create Roles | ALL CREATE_ROLE_AS_OWNER |
|
List Roles | ALL |
Any access level |
Full administrative actions on a role | ALL |
ALL |
Grant permissions to a role | ALL |
ALL MANAGE_PERMISSIONS also need WITH GRANT OPTION to grant on objects. |
Manage groups assigned to a role | ALL |
ALL MANAGE_GROUPS |