Role privileges add to any privileges you grant directly to users.
Security constraint privileges and overrides are assigned rather than granted.
Granting privileges to roles and then granting role membership to users offers these advantages:
- Standardizes privileges for users with a similar job description
- Reduces the time required to assign the privileges, compared with granting privileges to individual users
- Reduces the time the system takes to check user privileges at logon
You can grant one or more roles to one or more users or roles, therefore:
- A role can have multiple members.
- A user or role can be a member of more than one role.The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role
Granting a privilege to an existing role immediately affects any role member for which the role is currently active in a session.
Do the following to set up roles to manage user privileges:
- Create roles, as shown in Create User Roles.
- Grant privileges to each role, as shown in Grant Privileges to a Role.
- Grant role membership to users, as shown in Grant User Membership in a Role.
Not every privilege can be granted to a role. You must grant those privileges directly to a user. For information, see Granting Privileges Directly to Users.
- User Types and Minimum Required Privileges
- Types of Privileges
- Limitations on Using Roles
- Create User Roles
- When to Grant Privileges to a Role
- Grant Privileges to a Role
- Grant User Membership in a Role
- Dropping a Role
- Defining the Default Role for a User
- Assigning the Default Role
- Dropping the Default Role