Not all privileges can or must be granted to roles; some must or can instead be granted directly to users. For example:
- System-level privileges. These are for administrators only and must not be granted to other users.
- Object-level privileges that apply to too few users to justify creating a role.

A user automatically has the privilege to grant most privileges on any database object the user owns to any other user or role. This excludes CREATE and DROP privileges, which are not automatic ownership privileges. The CREATE and DROP privileges must be granted directly to a user, and must include the WITH GRANT OPTION clause, before that user can grant these privileges to others.
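The following added example (not part of the original page) walks through the grant chain described above and ends with a review query for users who can pass on CREATE or DROP. It assumes Teradata-style SQL, which the page does not name; all database, user and role names are hypothetical, and the `DBC.AllRightsV` view with its `CT`/`DT` access-right codes is an assumption about the target system.

```sql
-- Hypothetical names: sales_db, app_owner, dev_lead, dev_user, report_role.
-- Assumption: app_owner owns sales_db and the objects in it.

-- 1. Run as app_owner. Ownership alone is enough to grant object-level
--    privileges on an owned table to a role or directly to a user.
GRANT SELECT, INSERT ON sales_db.orders TO report_role;
GRANT SELECT ON sales_db.orders TO dev_user;

-- 2. Run as an administrator. CREATE and DROP are not automatic ownership
--    privileges, so they are granted directly to the user. WITH GRANT OPTION
--    is what later allows dev_lead to grant them to someone else.
GRANT CREATE TABLE, DROP TABLE ON sales_db TO dev_lead WITH GRANT OPTION;

-- 3. Run as dev_lead. This succeeds only because of step 2; without
--    WITH GRANT OPTION the statement is rejected.
GRANT CREATE TABLE ON sales_db TO dev_user;

-- 4. Periodic review: list every user who holds CREATE TABLE (CT) or
--    DROP TABLE (DT) with the authority to grant it onward, and who gave it.
SELECT UserName,
       DatabaseName,
       AccessRight,
       GrantorName
FROM   DBC.AllRightsV
WHERE  AccessRight IN ('CT', 'DT')
  AND  GrantAuthority = 'Y'
ORDER  BY DatabaseName, UserName;
```

Any row from step 4 that is not an expected administrator or delegated owner is a candidate for revoking the grant option.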