Roles simplify the management of permissions by allowing admins to grant or revoke access for groups of users at a time. Rather than granting permission to an object directly to a user, creating a role allows admins to grant permissions to a role and then assign that role to one or multiple users.
Like users, roles are defined at the organization level. Permissions can then be applied to repositories, projects, schemas, etc. Roles are defined in two parts:
A role is granted permissions to objects.
Users are granted the role.
The following is an example of the creation of a new role:
create role {
"name": "analyst",
"description": "Users have read permissions to transaction data."
}
Once a role has been created, assign the role permissions to access objects. Permissions are discussed in greater detail here. The following example grants permission to a table:
grant read on table transactions to role analyst
Granting the role a user provides that user the role’s permissions, for example:
grant role analyst to user brendan@silect.is
Once a role has been defined, you can review the details by using the DESCRIBE command. The screenshot below shows the output of the describe command within the Magpie notebook.