The DBA or the owner of the database can issue the GRANT DEFAULT ROLE statement to assign an existing role as the default role to a specified list of users or to PUBLIC. Unlike a non-default role, the default role takes effect automatically when the user connects to the database, and does not require the SET ROLE statement to enable it. Each of the three statements in next example respectively performs one of the following operations on a role:
EXEC SQL CREATE ROLE 'Engineer'; EXEC SQL GRANT SELECT ON locomotives TO 'Engineer'. EXEC SQL GRANT DEFAULT ROLE 'Engineer' TO jgould.
If jgould subsequently uses the SET ROLE statement to enable some other role, then by executing the following statement, jgould replaces that role with Engineer as the current role:
SET ROLE DEFAULT;
If you have no default role, SET ROLE DEFAULT makes NONE your current role, leaving only the privileges that have been granted explicitly to your username or to PUBLIC. After GRANT DEFAULT ROLE changes your default role to a new default role, executing SET ROLE DEFAULT restores your most recently granted default role, even if this role was not your default role when you connected to the database.
If one default role is granted to PUBLIC, but a different role is granted as the default role to an individual user, the individually-granted default role takes precedence if that user issues SET ROLE DEFAULT or connects to the database.
Related statements: CREATE ROLE, DROP ROLE , GRANT, and REVOKE
For a discussion of how to use roles, see the IBM Informix Guide to SQL: Tutorial.