The following example code shows how to grant a role to a user:
USING OpenEdge.DataAdmin.*.

VAR DataAdminService oDAS. 
VAR IGrantedRole oRole.
VAR LOGICAL lResult = FALSE.

ASSIGN oDAS = NEW DataAdminService(LDBNAME("DICTDB")).

oRole = oDAS:NewGrantedRole(). 
oRole:Role = oDAS:GetRole("TestRole").

IF VALID-OBJECT(oRole:Role) AND VALID-OBJECT(oDAS:GetUser("PSCUser")) THEN DO:
	oRole:Grantee = SUBSTITUTE("&1@&2", oDAS:GetUser("PSCUser"):Name, 
	oDAS:GetUser("PSCUser"):Domain:Name). // Must be a user@domain.
	oRole:CanGrant = false. // Cannot grant to others.
	// Granting Role to PSCUser
	lResult = oDAS:CreateGrantedRole(oRole).
END.

DELETE OBJECT oDAS. 
DELETE OBJECT oRole.
Note: The following table lists the conditions that specify who has the authority to grant roles to a user:
Condition Role granted by…
Security administrator is defined for a connected database
  • Security administrator
  • Grantor having the requisite can-grant permission
Security administrator is not defined for a connected database Grantor having the requisite can-grant permission
For more information on the conditions that specify who can delete granted roles, see Delete granted role using OpenEdge.DataAdmin.*.