A row in the SYSROLES table represents one of the following:
- A role definition (the result of a CREATE ROLE statement)
- A role grant
The keys for the SYSROLES table are:
- Primary key (GRANTEE, ROLEID, GRANTOR)
- Unique key (UUID)
The following table shows the contents of the SYSROLES system table.
SYSROLES system table
For each column in the SYSROLES system table, this table provides its data type, its length in bytes, whether it is nullable, and a description of its contents.
Column Name
Type
Length
Nullable
Contents
UUID
CHAR
36
false
A unique identifier for this role
ROLEID
VARCHAR
128
false
The role name, after conversion to case normal form
GRANTEE
VARCHAR
128
false
If the row represents a role grant, this is the authorization
identifier of a user or role to which this role is granted. If the row
represents a role definition, this is the database owner's user name.
GRANTOR
VARCHAR
128
false
This is the authorization identifier of the user that granted
this role. If the row represents a role definition, this is the authorization
identifier _SYSTEM. If the row represents a role grant, this is the database
owner's user name (since only the database owner can create and grant roles).
WITHADMINOPTION
CHAR
1
false
A role definition is modelled as a grant from _SYSTEM to the
database owner, so if the row represents a role definition, the value is always
'Y'. This means that the creator (the database owner) is always allowed
to grant the newly created role. Currently roles cannot be granted WITH ADMIN
OPTION, so if the row represents a role grant, the value is always
'N'.
ISDEF
CHAR
1
false
If the row represents a role definition, this value is
'Y'. If the row represents a role grant, the value is 'N'.