Database Reference
Role created.
SQL>
By default, a role is created without a password, as in this example.
SQL> CREATE ROLE webviewer;
Role created.
SQL>
Granting and Revoking Roles
A user with the GRANT ANY ROLE system privilege (SYS and SYSTEM, for example) can grant or revoke any role except a global role to or from other users or roles of the database.
You can grant system or object privileges, or roles on which you have the ADMIN OPTION, to a role or to other users. The ADMIN OPTION allows administrative powers to be delegated. As mentioned previously, circular references are not allowed. Roles are granted by executing the GRANT statement and revoked by using the REVOKE statement. You also grant privileges to roles and revoke privileges from roles.
Use the SET ROLE statement to enable a secure role for a session. You cannot grant a password-authenticated (secured) role, that is, a role that has been created or altered by the IDENTIFIED BY, IDENTIFIED USING, or IDENTIFIED EXTERNALLY clause, to a non-secure role.
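The statements described above, put together as an added example that is not from the original text. The role WEBEDITOR, the user APP_USER, the table APP_OWNER.ORDERS and the password are hypothetical placeholders; WEBVIEWER is the role created earlier.

```sql
-- Added example. Run as a user holding GRANT ANY ROLE (for example SYSTEM).
-- WEBEDITOR, APP_USER, APP_OWNER.ORDERS and the password are placeholders.

-- A secured (password-authenticated) role next to the non-secure WEBVIEWER.
CREATE ROLE webeditor IDENTIFIED BY "Placeholder_Pw_1";

-- Privileges are granted to roles the same way they are granted to users.
GRANT CREATE SESSION TO webviewer;
GRANT SELECT ON app_owner.orders TO webviewer;
GRANT INSERT, UPDATE ON app_owner.orders TO webeditor;

-- Non-secure role granted to the secured role. The reverse direction
-- (secured role granted to a non-secure role) is the case the text rules out.
GRANT webviewer TO webeditor;

-- Grant the secured role to a user and keep it out of the default roles,
-- so it is only active after an explicit SET ROLE with the password.
GRANT webeditor TO app_user;
ALTER USER app_user DEFAULT ROLE ALL EXCEPT webeditor;

-- WITH ADMIN OPTION delegates the right to grant, revoke and drop the role.
-- Review who holds it: each holder can extend the role to other accounts.
GRANT webviewer TO app_user WITH ADMIN OPTION;

SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role IN ('WEBVIEWER', 'WEBEDITOR')
 ORDER BY grantee, granted_role;

-- In APP_USER's own session: enable the secured role. SET ROLE replaces the
-- set of enabled roles, so WEBVIEWER is active here only through WEBEDITOR.
SET ROLE webeditor IDENTIFIED BY "Placeholder_Pw_1";
SELECT role FROM session_roles;

-- Back in the administrative session: remove the delegated grant and one
-- object privilege, then confirm what the role still carries.
REVOKE webviewer FROM app_user;
REVOKE UPDATE ON app_owner.orders FROM webeditor;

SELECT role, owner, table_name, privilege
  FROM role_tab_privs
 WHERE role IN ('WEBVIEWER', 'WEBEDITOR');
```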
Dropping Roles
You drop a role by executing the DROP ROLE SQL statement. You must have been granted the role with the ADMIN OPTION or been granted the DROP ANY ROLE system privilege. When you drop a role, the associated privileges and indirectly granted roles are removed immediately: the users and roles that were granted the role no longer have those privileges. Dropping a role automatically removes the role from the DBA_ROLES, USER_ROLES, and ROLE_ROLE_PRIVS views.
Dropping a role has no impact on the underlying objects to which the role's privileges granted access. The following statement drops the role WEBVIEWER:
SQL> DROP ROLE webviewer;
Role dropped.
SQL>