Database Reference
In-Depth Information
Figure 23.14
A New Role Does
Not Contain Any
Privileges at First.
CONNECT SYSTEM/password@OLTP;
CREATE ROLE MINIDBA;
CREATE ROLE MUSIC_ACCESS;
The MINIDBA role will be a highly privileged role, thus I am
using the ALTER ROLE command to restrict access using a pass-
word.
ALTER ROLE MINIDBA IDENTIFIED BY DBA#9876;
Note:
The password is the only portion of a role that can be altered. You can
add, change, or remove the password on a role. If you want to change the
name of a role, you must drop and then re-create it with the changed name.
Once roles are created, privileges can be granted to them as if they are
users. Then roles can be granted to users. Once a user has a role granted, he
or she inherits all of the privileges assigned to that role.
23.3.2
Granting and Revoking Privileges on Roles
Granting privileges to a role is exactly the same (syntax-wise) as granting
privileges to a user. Figures 23.5 and 23.9 show the syntax of granting and
revoking privileges to and from roles. Roles can be granted to a user, a role,
or PUBLIC.
Let's grant some privileges. First connect to the SYSTEM user.
