Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 

 
 

Oracle Roles

Oracle Tips by Burleson Consulting

Managing Oracle Roles

Administration of large numbers of objects can be difficult. Oracle roles allow you to localize the administration of objects. Oracle roles are most helpful when large numbers of users will need the same system and object privileges (which we discussed earlier in this chapter).

Think of an Oracle role like a database user that nobody uses. You create the Oracle role using the create role command. You then grant the Oracle role all of the common privileges that users will require to do their work, like the ability to select, insert, update and delete data from various tables.

Once the Oracle role is all setup, you only need grant the Oracle role to users and all the privileges will be transferred along with that grant. Later, you can add additional privileges to the role if required.

You create an Oracle role with the create role command and then grant the role to the user with the grant command as seen in this command:

SQL> Create role select_data_role;

SQL> Grant select on emp to select_data_role;

SQL> Grant select on dept to select_data_role;

SQL> Grant select on bonus to select_data_role;

You can then grant that Oracle role to other users as in this case where we grant the select_data_role to the ROBERT user role. Once this is done, ROBERT will be able to query the EMP, DEPT and BONUS tables in the SCOTT schema:

SQL> GRANT select_data_role TO Robert;

Oracle roles have some limitations. In particular object privileges are granted through Oracle roles can not be used when writing PL/SQL code. When writing PL/SQL code, you must have direct grants to the objects in the database that your code is accessing.

If you wish to revoke an Oracle role from a user, simply use the revoke command as demonstrated earlier in this chapter:

SQL> REVOKE select_data_role FROM Robert;

Conclusions on Oracle roles

We?ve learned how to not only create a user, but how to use Oracle roles to allow that user to perform different activities.  Without users, a database would certainly perform well, because it would not be able to actually do anything. 

With privileges and Oracle roles, we can be assured that no user has too much ability.

The main points of this chapter include:

* All Oracle objects (tables, indexes) are owned by users.

* By default, only the user who created a table may see the rows.  To allow other users to see rows, the user must grant access privileges.

* Oracle has system privileges that allow global access rights.

* Oracle has object privileges that allow grants to specific tables.

* Any privilege can be removed with the revoke command.

* To simplify security administration you can encapsulate groups of grants into a single Oracle role.

This is an excerpt from the bestselling "Easy Oracle Jumpstart" by Robert Freeman and Steve Karam (Oracle ACE and Oracle Certified Master).  It?s only $19.95 when you buy it directly from the publisher here.

If you like Oracle tuning, you may enjoy the new book "Oracle Tuning: The Definitive Reference", over 900 pages of BC's favorite tuning tips & scripts. 

You can buy it direct from the publisher for 30%-off and get instant access to the code depot of Oracle tuning scripts.


 

 

��  
 
 

 
 
 
 
oracle dba poster
 

 
 
Oracle performance tuning software 
 
Oracle Linux poster
 
 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright ? 1996 -  2014

All rights reserved by Burleson

Oracle ? is the registered trademark of Oracle Corporation.