Roles & Permissions (RBAC)

CREATE ROLE analyst;
CREATE ROLE data_engineer;

GRANT SELECT ON orders TO analyst;
GRANT INSERT, UPDATE ON orders TO data_engineer;
GRANT ALL ON orders TO admin;
GRANT EXECUTE ON FUNCTION full_name TO analyst;
GRANT BACKUP ON TENANT acme TO ops_user;

REVOKE INSERT ON orders FROM analyst;

CREATE FUNCTION admin_count() RETURNS INT SECURITY DEFINER
AS BEGIN RETURN (SELECT COUNT(*) FROM audit_log); END;

SHOW GRANTS FOR analyst;
SHOW PERMISSIONS;