| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2023-06-23 |
Db2whc |
{:external: target="_blank" .external} {:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:tip: .tip} {:important: .important} {:note: .note} {:deprecated: .deprecated} {:pre: .pre}
{: #user_roles}
You can define user roles to manage data access at the user level on your {{site.data.keyword.dashdblong}} instance. Users can be added to roles that reflect their job functions and you can enforce data access policies based on their respective roles. {: shortdesc}
User roles can easily be implemented through a series of SQL statements. You can use the SQL editor of the web console. For example, you can create a role for your data science team by running the following SQL statement:
CREATE ROLE DATASCIENCE
Then, if you want to give your data scientists access to sales data, run the following statement:
GRANT SELECT ON TABLE SALESDATA TO ROLE DATASCIENCE
You can repeat the previous statement for all of the tables that you want your data science team to be able to access.
Next, add your data science team to the DATASCIENCE role. Assuming that you have two data scientists, Alice and Bob who exist as users of the database, you can then add them to the DATASCIENCE role by running the following SQL statement:
GRANT ROLE DATASCIENCE TO USER ALICE, USER BOB
Alice and Bob are now able to work on all of the data that is accessible to the DATASCIENCE role.
For more information about user roles in {{site.data.keyword.dashdbshort_notm}}, see User-defined user roles{: external}.