The SAP DB database system supports different roles. A role is a grouping of privileges, which can be assigned to database users, user groups, or other roles.
...
1. A role is created using the CREATE ROLE statement. This role is initially empty. Only database users belonging to database user class DBA are able to create roles . The new role name cannot be the same as the name of any other role, a user, or a user group.
2. Privileges are assigned to a role using the GRANT statement. Privileges can be revoked from a role using the REVOKE statement.
3. A role can be assigned to database users, user groups, or other roles using the GRANT statement and specification of the role name.
4. You use the ALTER_USER- and ALTER_USERGROUP-statement to define which of the roles that were assigned to a user or user group is to be used when a database session is opened.
5.
During a
database session, you can use the SET statement to activate other roles
assigned to the user or user group
If a role is activated during a session, the current user then has all the
privileges that are assigned to a role.
If a password has
been assigned to a role, users assigned to that role can only activate it by
entering the password in the SET statement.
That a role is available and the properties of that role are all registered in the catalog in the form of metadata. A user that creates a role becomes its owner.
The roles assigned to the user or user group as a result of the ALTER USER and ALTER-USERGROUP statements are activated as soon as a database session is opened.
Roles are not active during execution of data definition commands.
See also:
Reference Manual: SAP DB 7.4, Section Role Name