Create roles to group permissions. Roles make it easy to manage access for groups of users.
Built-in System Roles:
| Role | Description |
|---|---|
admin | Full database access |
reader | Read-only access |
writer | Read and write access |
schema_admin | Schema management |
| Statement | Description |
|---|---|
CREATE ROLE | Create a new role |
ALTER ROLE RENAME TO | Rename a role |
ALTER ROLE SET DESCRIPTION | Update role description |
DROP ROLE | Delete a role |
SHOW ROLES | List all roles |
SHOW ROLE | Show specific role details |
GQLCREATE ROLE 'data_reader'
With description:
GQLCREATE ROLE 'schema_manager' DESCRIPTION 'Can modify database schema'
Rename a role:
GQLALTER ROLE 'data_reader' RENAME TO 'analytics_reader'
Update description:
GQLALTER ROLE 'data_reader' SET DESCRIPTION 'Read-only access for analytics'
GQLDROP ROLE 'data_reader'
Use IF EXISTS to avoid errors:
GQLDROP ROLE IF EXISTS 'data_reader'
List all roles:
GQLSHOW ROLES
Result:
| name | description |
|---|---|
| admin | Full database access |
| reader | Read-only access |
| writer | Read and write access |
| schema_admin | Schema management |
Show specific role:
GQLSHOW ROLE admin
