Who Can Manage Roles?¶
The following table lists the permissions to perform the actions required to manage roles.
| Action on Roles | CATALOG (all roles) | ROLE |
|---|---|---|
| Ability to see roles page in UI | ALL CREATE_ROLE_AS_OWNER |
Any access level |
| Create Roles | ALL CREATE_ROLE_AS_OWNER |
|
| List Roles | ALL |
Any access level |
| Delete a Role | DROP |
DROP |
| Full administrative actions on a role | ALL |
ALL |
| Grant permissions to a role | ALL |
ALL MANAGE_PERMISSIONS also need WITH GRANT OPTION to grant on objects. |
| Manage groups assigned to a role | ALL |
ALL MANAGE_GROUPS |