Database Reference
In-Depth Information
Figure 23.12
SYSTEM,
ASSISTANT, and
INTERN Grant
Object Privileges.
Now, only SYSTEM can successfully query the MUSIC.ARTIST table.
Figure 23.13 shows how this works.
Remember that revoked system privileges do not cascade and revoked
object privileges do cascade.
One of the more repetitive DBA tasks is that of granting the proper
privileges to new users and maintaining privileges for all existing users. Very
often, a group of users has identical privileges. The next section shows you
how to take advantage of this with roles. Roles allow groupings of privileges
and subsequent granting of privilege groups with a single granting or revoke
of a role.
23.3
Grouping Privileges Using Roles
A role is a set or grouping of object and/or system privileges that is assigned
a name. Once a role is established, you can grant the role instead of grant-
ing all of the individual privileges to a user. This capability saves a great deal
of time!
Search WWH ::




Custom Search