Database Reference
In-Depth Information
Grant succeeded.
SQL> GRANT SELECT ON hr.countries TO c##my_dba;
Grant succeeded.
SQL>
A user can exercise a local system privilege only within the PDB in which it is granted.
Managing Common and Local Roles
A role is a named group of privileges and/or other roles that are created by administrators
or other users. Roles simplify the administration of privileges for individuals and groups of
users. Managing privileges is much easier when you group them into named groups of related
privileges and then grant them to users or other roles. In a non-CDB, a role name may not
have the same name as a username or another role; it must be unique. This is also true within
a PDB. You may use the same role name in different PDBs, but they're independent of each
other. A role is not associated with a specific user schema, so if a user creates a role and then
the user is dropped, the role persists independently of the user who created it.
In the following sections, we will introduce the concept of the role and how to create,
grant, revoke, and drop roles. Once you have a good grasp on what a role is, we'll intro-
duce common and local roles and creating, granting, altering, and revoking common
and local roles.
About Roles
In this section, we will discuss roles in general. Roles are the preferred method for managing
user permissions. You can use Oracle-defined roles and create roles of your own that contain
the privileges that you need to grant to others. Once you understand roles and privileges and
how to manage a user base, you'll truly appreciate the flexibility and usefulness of roles.
You can grant system or object privileges to a role, and you can grant roles to any database
user. You can grant roles to other roles, but circular references are not allowed.
SQL> create role cross_pdb_role;
Role created.
SQL> create role cross_pdb_role2;
Role created.
SQL> create role cross_pdb_role3;
Role created.
Search WWH ::
Custom Search