Roles define privileges on database objects. A database administrator can create different roles for different job functions and responsibilities, grant specific privileges on database objects to those roles, and then grant role membership to users. Users who are members of a role can access all the objects for which the role has privileges. A role that has roles granted to it cannot itself be granted to another role.
- CREATE DATABASE
- CREATE ROLE
- CREATE PROFILE
- CREATE USER
- DROP DATABASE
- DROP ROLE
- DROP PROFILE
- DROP USER
- CTCONTROL
Roles cannot be granted on a database or PUBLIC.
To grant role membership to users or other roles, use the GRANT (Role Form) statement.
For more information, see GRANT (Role Form).
The following request grants privileges to a role. In this example, the finance role is granted the privilege to SELECT data from the department table, which is in the personnel database:
GRANT SELECT ON personnel.department TO finance;
All users who are granted membership to the finance role also inherit the privilege to SELECT data from the department table in the personnel database when the role is activated for the user.
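The statement above in the context of a full role lifecycle, with the checks an administrator would run to confirm the grant is scoped as intended. This is an added example, not part of the original documentation. It assumes Teradata SQL (inferred from the CTCONTROL privilege listed above) and its DBC dictionary views; the user fin_analyst1 and the role finance_audit are hypothetical names.

```sql
-- Added example. Assumes Teradata SQL; fin_analyst1 and finance_audit are hypothetical.

-- 1. Create the role and give it only the privilege the job function needs.
CREATE ROLE finance;
GRANT SELECT ON personnel.department TO finance;

-- 2. Grant membership to a user. No WITH ADMIN OPTION, so the user
--    cannot pass the role on to anyone else.
GRANT finance TO fin_analyst1;

-- 3. The privilege applies only while the role is active for the user.
--    Either make it the default role at logon...
MODIFY USER fin_analyst1 AS DEFAULT ROLE = finance;
--    ...or have the user activate it within a session.
SET ROLE finance;

-- 4. Nesting is limited to one level: finance can be granted to another role,
--    but that role then has a role granted to it and cannot be granted to a role.
CREATE ROLE finance_audit;
GRANT finance TO finance_audit;

-- 5. Review who holds the role, and whether any grantee can re-grant it.
SELECT RoleName, Grantee, GranteeKind, DefaultRole, WithAdmin, WhenGranted
FROM DBC.RoleMembersV
WHERE RoleName = 'finance'
ORDER BY Grantee;

-- 6. Review what the role can actually do; anything beyond SELECT on
--    personnel.department is privilege creep.
SELECT DatabaseName, TableName, ColumnName, AccessRight, GrantorName
FROM DBC.AllRoleRightsV
WHERE RoleName = 'finance'
ORDER BY DatabaseName, TableName;

-- 7. Remove membership when the job function changes.
REVOKE finance FROM fin_analyst1;
```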