Role privileges add to any privileges you grant directly to users.
Security constraint privileges and overrides are assigned rather than granted. See Assigning Security Constraints in a CREATE PROFILE Statement.
Granting privileges to roles and then granting role membership to users offers these advantages:
- Standardizes privileges for users with a similar job description
- Reduces the time required to assign the privileges, compared with granting privileges to individual users
- Reduces the time the system takes to check user privileges at logon
You can grant one or more roles to one or more users or roles, therefore:
- A role can have many members.
- A user or role can be a member of more than one role.The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role
When you grant a privilege to an existing role, it immediately affects any role member for which the role is currently active in a session.