Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles
New Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 
 

 "set role" command tips

Oracle Database Tips by Donald BurlesonMay 4, 2015

Question:  I need to understand how to use the Oracle "set role" command and the dbms_session.set_role procedure.  Can you give an example of the set role command and show hot set role is different from granting a role to a user?

 Answer:  The Oracle set role command and the equivalent dbms_session.set_role procedure are used to dynamically grant a role to a user.  See setting roles for a user.

When a user is created, the default for active roles is set to ALL and a user who signs onto Oracle will have all privileges that have been assigned to them via the grant command.   The default ALL means that all the roles granted to a user are active.

The DBA can change this default with an alter user command to revoke roles and a user can enable multiple roles at one time and use the set role command.

The set role command allows you to add or revoke roles at the session level, without effecting the existing roles that are granted to the user.  The following are examples of the set role command:

set role all; -- The default, allow all role privileges that have been granted

set role none; -- For the session, revoke all role privileges

set role my_role identified by my_pass; - Activate a runtime role to the user session

—- Enables and disables named role for session
—- Same as SQL command:

SET ROLE DBMS_SESSION.SET_ROLE (role_cmd VARCHAR2);

The set role command will switch between roles or activate all roles with the command set role all. The set role all command will not work if any of the roles assigned to that user requires either a password or operating system authentication.

Users can look at the session_roles view to find the roles that are currently enabled for them. Users can look at session_privs view to see the privileges available to their session.

If you determine that all control of roles will be at the operating system level, you can set the database initialization parameter os_roles equal to TRUE. All roles must still be created first in the database.

Any grants you previously made using the database command line or Server Manager are still listed in the data dictionary, but they cannot be used and are not in effect.

NOTE: If the use of roles is determined at the operating system level, the multithreaded server option (MTS, shared servers) cannot be used.

Prior to Oracle 11.2.0.4, you can use the max_enabled_roles parameter (deprecated as of 11gr2) in the database initialization file to set the number of roles that you will allow any user to have enabled at one time.

Also see my related notes on the ORA-01924

   
Oracle Training from Don Burleson 

The best on site "Oracle training classes" are just a phone call away! You can get personalized Oracle training by Donald Burleson, right at your shop!

Oracle training
 
 


 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright © 1996 -  2017

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.

Remote Emergency Support provided by Conversational

 

 

��  
 
 
Oracle Training at Sea
 
 
 
 
oracle dba poster
 

 
Follow us on Twitter 
 
Oracle performance tuning software 
 
Oracle Linux poster