Reference and syntax for the GRANT ORGANIZATION ROLE command.
GRANT
can also be used to assign an organization role to another organization role or an identity (login or service account).
org_admin
or a role owner can grant a permission to an organization role. To grant a permission, you must first have that permission granted to you.Parameter | Description |
---|---|
<permission> | The name of the permission to grant to a role. Available permissions vary depending on the object that they apply to. |
<object_type> | The type of object to grant permissions on. |
<object_name> | The name of the object to grant permissions on. |
<role_name> | The name of the organization role to grant the permission to. |
MODIFY
on a single account
The following command grants the MODIFY
privilege on the account-1
account to the role account_manager
, allowing it to modify the account:
MODIFY
on all accounts within the organization
The following command grants the MODIFY
privilege on all accounts in your organization to the role account_manager
, allowing it to modify all the accounts:
CREATE ACCOUNT
on the organization
The following command grants the CREATE ACCOUNT
privilege on your organization to the role account_manager
, allowing it to create new accounts:
Parameter | Description |
---|---|
<role_name> | The name of the role to grant. |
<login_name> | The name of the login to grant <role_name> to. |
<service_account_name> | The name of the service account to grant <role_name> to. |
<role_name_2> | The name of the role to assign the role to. |
role_name
role to role_name_2
, allowing role_name_2
to inherit all the permissions granted to role_name
:
role_name
role to alexs@acme.com
login, allowing it to inherit all the permissions granted to role_name
:
role_name
role to service_account_name
service account, allowing it to inherit all the permissions granted to role_name
: