Some privileges cannot or should not be granted to roles, but should instead be granted directly to users. Examples include these privileges:
- System-level privileges. These are for administrators only and should not be granted to other users.
- Object-level privileges that apply to too few users to require creation of a role.
A user automatically has the privilege to grant most privileges on any database object the user owns to any other user or role. This excludes CREATE and DROP privileges, which are not automatic ownership privileges. The CREATE and DROP privileges must be granted directly to a user, and must include the WITH GRANT OPTION clause, before that user can grant these privileges to others. For information on ownership privileges, see Security Administration.