Roles simplify the management of permissions by allowing admins to grant or revoke access for groups of users at a time. Rather than granting permission to an object directly to a user, creating a role allows admins to grant permissions to a role and then assign that role to one or multiple users.
Like users, roles are defined at the organization level. Permissions can then be applied to repositories, projects, schemas, etc. Roles are defined in two parts:
A role is granted permissions to objects.
Users are granted the role.
The following is an example of the creation of a new role:
Once a role has been created, assign the role permissions to access objects. Permissions are discussed in greater detail here. The following example grants permission to a table:
Granting the role a user provides that user the role’s permissions, for example:
Once a role has been defined, you can review the details by using the DESCRIBE command. The screenshot below shows the output of the
describe command within the Magpie notebook.