CREATE ROLE - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates a new custom role that is a collection of permissions. For a list of Amazon Redshift system-defined roles, see Amazon Redshift system-defined roles. Query SVV_ROLES to view the currently created roles in your cluster or workgroup.

There is a quota of the number of roles that can be created. For more information, see Quotas and limits in Amazon Redshift in the Amazon Redshift Management Guide.

Required permissions

Following are the required privileges for CREATE ROLE.

  • Superuser

  • Users with the CREATE ROLE privilege


CREATE ROLE role_name [ EXTERNALID external_id ]



The name of the role. The role name must be unique and can't be the same as any user names. A role name can't be a reserved word.

A superuser or regular user with the CREATE ROLE privilege can create roles. A user that is not a superuser but that has been granted USAGE to the role WITH GRANT OPTION and ALTER privilege can grant this role to anyone.

EXTERNALID external_id

The identifier for the role, which is associated with an identity provider. For more information, see Native identity provider (IdP) federation for Amazon Redshift.


The following example creates a role sample_role1.

CREATE ROLE sample_role1;

The following example creates a role sample_role1, with an external ID that is associated with an identity provider.