I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

Add IS_ROLE_IN_SESSION(role) as a SQL sugar function so row access and masking policy expressions can check whether a role is active in the current session.

The function is rewritten during semantic type checking against the session's effective roles. Effective roles follow the existing secondary-role semantics:

• SET SECONDARY ROLES ALL checks all roles available to the current user.
• SET SECONDARY ROLES NONE checks only the current role and its related roles.
• SET SECONDARY ROLES role_name checks the current role plus the specified secondary role and their related roles.

This enables policies to express role-dependent access using active role hierarchy instead of checking only CURRENT_ROLE().

Tests

• Unit Test
• Logic Test
• Benchmark Test
• No Test - Explain why

Type of change

• Bug Fix (non-breaking change which fixes an issue)
• New Feature (non-breaking change which adds functionality)
• Breaking Change (fix or feature that could cause existing functionality not to work as expected)
• Documentation Update
• Refactoring
• Performance Improvement
• Other (please describe):

This change is