Database Reference
In-Depth Information
Figure 23.16
Users Can Only
Enable Roles
Previously Granted
to Them.
All roles assigned to a user start out enabled by default, including roles
with passwords. If you want the user to be required to use the password
before enabling the role, you must remove the role from the user's list of
default roles. The MINIDBA role has a password and has been granted to
ARIEL. Remove this role from ARIEL's default roles.
ALTER USER ARIEL DEFAULT ROLE ALL EXCEPT MINIDBA;
Now connect to ARIEL replacing the variable as usual.
CONNECT ARIEL/MERMAID@OLTP;
ARIEL cannot perform any tasks that need the system privileges found
in the MINIDBA role (such as creating new users), because the role is dis-
abled. She enables the MINIDBA role by using the SET ROLE command,
including the appropriate password.
SET ROLE MINIDBA IDENTIFIED BY DBA#9876;
Note:
Be careful to include all of the roles you wish to enable in your SET
ROLE command.
