|
 |
|
Oracle Tips by Burleson Consulting |
Creating Roles
To implement a role, you first create the
role and then grant system and object privileges to that role. When
you create the role, there are three password options available:
You can set operating system authentication
when the role is created or by using the database initialization
parameters OS_ROLES=TRUE and REMOTE_OS_ROLES=TRUE. Note, however, if
you are using the multithreaded server (MTS) option, you cannot use
operating system authentication for roles.
In order to create a role, you must have the
CREATE ROLE system privilege. You can create roles with Server
Manager or at the command line in SQL*Plus. The command-line syntax
for creating a role is:
See Code Depot
For example:
See Code Depot
To alter a role, you must have the ALTER ANY
ROLE system privilege or have been granted the role with the WITH
ADMIN OPTION. The creator of any role automatically has the WITH
ADMIN OPTION for that role. Note that this command only creates the
role that acts as a tag for later storage of a grants list; it has
no implicit grants. The privileges and grants to a role are made
identically to the method used to grant to users. Roles may also be
granted to other roles in the form of a role hierarchy.
www.dba-oracle.com/oracle_scripts.htm |
