Default Roles

An administrator can define a default role to assign to individual users or to the PUBLIC group for a particular database. The default role is automatically applied when a user establishes a connection with the database. This enables a user to connect to a database without issuing a SET ROLE statement.

Each user has whatever privileges are granted to the user individually, as well as the privileges of the default role. A user can switch from the current individual role to the default role using the SET ROLE DEFAULT statement.

If different default roles are assigned to a user and to PUBLIC, the default role of the user takes precedence. If a default role is not assigned to a user, the user only has individually granted and public privileges.

To define and grant privileges for a default role:

1. Choose an existing role in the current database to use as a default role or create the role that you want to use as a default role. Use the CREATE ROLE rolename statement to create a new role in the current database.
2. Use the GRANT statement to grant privileges to the role.
3. Grant the role to a user and set the role as the default user or PUBLIC role, using the syntax GRANT DEFAULT ROLE rolename TO username or GRANT DEFAULT ROLE rolename TO PUBLIC.

Use the REVOKE DEFAULT ROLE statement to disassociate a default role from a user.

A user must use the SET ROLE DEFAULT statement to change any other current role to the default role.

See the IBM Informix Guide to SQL: Syntax for more information on using these statements.