MySQL 8.0 Reference Manual Including MySQL NDB Cluster 8.0

15.7.1.11 SET ROLE Statement

SET ROLE {
    DEFAULT
  | NONE
  | ALL
  | ALL EXCEPT role [, role ] ...
  | role [, role ] ...
}

SET ROLE modifies the current user's effective privileges within the current session by specifying which of its granted roles are active. Granted roles include those granted explicitly to the user and those named in the mandatory_roles system variable value.

Examples:

SET ROLE DEFAULT;
SET ROLE 'role1', 'role2';
SET ROLE ALL;
SET ROLE ALL EXCEPT 'role1', 'role2';

Each role name uses the format described in Section 8.2.5, “Specifying Role Names”. The host name part of the role name, if omitted, defaults to '%'.

Privileges that the user has been granted directly (rather than through roles) remain unaffected by changes to the active roles.

The statement permits these role specifiers:

Note

SET DEFAULT ROLE and SET ROLE DEFAULT are different statements:

  • SET DEFAULT ROLE defines which account roles to activate by default within account sessions.

  • SET ROLE DEFAULT sets the active roles within the current session to the current account default roles.

For role usage examples, see Section 8.2.10, “Using Roles”.