Setting permissions using roles
Directly managing the accounts for a MariaDB server that has several users can be a pain. We may have 20 users that need permissions to perform the same actions. At some point in time, the structure of the database may change. We will need to update the permissions for 20 users, probably with 20 GRANT
statements. This task is error prone and extremely frustrating.
For this reason, MariaDB 10.0 introduces roles following the SQL:2003 specification. If a set of permissions can be set for a role, instead of a single account, then the role itself can be associated to a set of accounts. Each of these accounts will then be allowed to enable one of the roles it is associated with. From this moment, MariaDB will check the role's permissions to determine whether the user has the right to perform the requested action. If something changes in the database, only the role's permissions will need to be updated.
Roles can be created and dropped with the CREATE ROLE...