I will explain Oracle Roles & Privileges in this post.
Oracle Roles
If many types of users use the database, you need to classify the users with roles. When you use roles, you do not grant privileges to users one by one; you grant them to the role instead. When you change the privileges of a role, all users who have that role are affected.
Oracle Roles are used to localize the administration of objects. Oracle roles are most helpful when large numbers of users will need the same system and object privileges.
The syntax for creating a role in Oracle is as follows.
CREATE ROLE role_name [ NOT IDENTIFIED | IDENTIFIED { BY password | USING [schema.] package | EXTERNALLY | GLOBALLY } ] ;
The following examples are Oracle-defined roles:
- CONNECT is a role that Enterprise Manager automatically grants to a user when you create a user as shown in “Creating Users”. This role has the CREATE SESSION privilege.
- RESOURCE extends the privileges of a user beyond those granted by the CONNECT role. It includes CREATE PROCEDURE, CREATE TRIGGER, and other system privileges.
- DBA is the standard role that can be granted by an administrator to another administrator. It includes all system privileges and should only be granted to the most trusted and qualified of users. Assigning this role to a user enables the user to administer the database.
The syntax for granting table privileges to a role in Oracle is:
GRANT privileges ON object TO role_name;
The syntax for revoking table privileges from a role in Oracle is:
REVOKE privileges ON object FROM role_name;
- privileges: The privileges to assign to the role. It can be any of the following values:

| Privilege | Description |
|---|---|
| SELECT | Ability to perform SELECT statements on the table. |
| INSERT | Ability to perform INSERT statements on the table. |
| UPDATE | Ability to perform UPDATE statements on the table. |
| DELETE | Ability to perform DELETE statements on the table. |
| REFERENCES | Ability to create a constraint that refers to the table. |
| ALTER | Ability to perform ALTER TABLE statements to change the table definition. |
| INDEX | Ability to create an index on the table with the create index statement. |
| ALL | All privileges on table. |
Roles are created and managed by DBAs.
A role is a definition of privileges that can be assigned to users or other roles.
It facilitates compliance with, and reporting on, rules about who can do what and how.
Role Creation in Oracle
Now let’s create a role for developers:
CREATE ROLE DEVELOPER_ROLE;
Our role is now ready to receive privileges. Grant the privileges to the role as follows.
GRANT SELECT ANY TABLE TO DEVELOPER_ROLE;
GRANT UPDATE ANY TABLE,INSERT ANY TABLE TO DEVELOPER_ROLE;
Now let’s grant this role to the user named mdrn that we created before. After that, the mdrn user will have every privilege granted to developer_role.
GRANT DEVELOPER_ROLE TO MDRN;
For example, suppose you want to create the read_only_user role and grant it to all reporting users.
You can create this role and grant any privilege to it as follows.
SQL> Create role read_only_user;
SQL> Grant select any table to read_only_user;
SQL> Grant read_only_user to MSDB;
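The ANY TABLE system privileges used in both roles above apply to tables across schemas, which is broader than most developer or reporting accounts need. The following is an added example, not code from the original post: it builds a role from object privileges on named tables and lists data dictionary queries for reviewing what roles hold and who has them. The HR tables and the role name DEVELOPER_HR_ROLE are assumptions for illustration.

```sql
-- Added example. HR.EMPLOYEES, HR.DEPARTMENTS and DEVELOPER_HR_ROLE are
-- assumed names for illustration; MDRN and DEVELOPER_ROLE come from the post.
-- Run as a user who can create roles and read the DBA_* dictionary views.

-- 1. Scoped role: object privileges on named tables instead of ANY TABLE.
CREATE ROLE DEVELOPER_HR_ROLE;
GRANT SELECT, INSERT, UPDATE ON HR.EMPLOYEES TO DEVELOPER_HR_ROLE;
GRANT SELECT ON HR.DEPARTMENTS TO DEVELOPER_HR_ROLE;
GRANT DEVELOPER_HR_ROLE TO MDRN;

-- 2. Review: roles that hold broad "ANY" system privileges.
SELECT sp.grantee, sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
JOIN   dba_roles r ON r.role = sp.grantee
WHERE  sp.privilege LIKE '% ANY %'
ORDER  BY sp.grantee, sp.privilege;

-- 3. Review: object privileges the scoped role holds.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'DEVELOPER_HR_ROLE'
ORDER  BY owner, table_name, privilege;

-- 4. Review: users and roles that received the roles from this post.
SELECT grantee, granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  granted_role IN ('DEVELOPER_ROLE', 'DEVELOPER_HR_ROLE', 'READ_ONLY_USER')
ORDER  BY granted_role, grantee;

-- 5. Once the scoped role covers what developers need, remove the broad grants.
REVOKE SELECT ANY TABLE, UPDATE ANY TABLE, INSERT ANY TABLE FROM DEVELOPER_ROLE;
```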
If you want to learn more about grants and privileges in Oracle, read the following post.
How to Grant and Revoke Privileges | Create and Drop any User in Oracle Database