Chapter 18. Managing Roles


Terms you'll need to understand:

  • DBA_ROLES

  • DBA_ROLE_PRIVS

  • ROLE_ROLE_PRIVS

  • DBA_SYS_PRIVS

  • ROLE_SYS_PRIVS

  • ROLE_TAB_PRIVS

  • SESSION_ROLES

  • DEFAULT ROLE

  • SET ROLE

  • DBMS_SESSION.SET_ROLE

  • Grant

  • Revoke

  • Enable

  • Disable

Concepts you'll need to master:

  • Create roles.

  • Modify roles.

  • Control role availability.

  • Remove roles from users.

  • Use predefined roles.

  • Remove roles from the database.

  • Display role information from the data dictionary.

Finally, we come to the last topic that will likely appear on your OCP exam: managing roles. Roles are Oracle's way of lumping together many privileges to make maintaining users and their privileges simpler and more centralized. This chapter provides an overview of roles and the part that they play in a healthy database.

Oracle provides roles as a facility for easy and controlled management of privileges. Roles are named groups of related privileges granted either directly to users or to other roles.

Roles share many characteristics:

  • May be granted to and revoked from users with the same commands used to grant and revoke system privileges.

  • May be granted to any users.

  • May be granted to another role.

  • May not be granted to themselves.

  • May not in any way be circularly referential.

  • May consist of both system and object privileges.

  • May be enabled or disabled for each user of the granted role.

  • May require that passwords be used to enable.

  • Names must be unique among existing usernames and role names.

  • Are not owned by anyone and are not in any given schema.

  • Have their entire description stored in the data dictionary.

Roles provide easier privilege management because many privileges can be grouped together to meet specific business rules. Roles can be granted directly with Oracle commands, or can be granted manually by the DBA. Not only is managing roles easier, it is also more dynamic than granting privileges directly to, and revoking them from, individual users. This is true because if a privilege that has been granted to a role changes, the change is automatically carried through to all the users who share that role. With roles, it is easier to turn privileges on and off temporarily. Finally, roles help to improve performance in the database. This is because there are fewer privileges to verify during statement execution, and by using roles there are fewer grants to check in the data dictionary whenever a user tries to accomplish something in the database.
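The script below is an added example, not taken from the book. It walks through the role characteristics listed above and checks each one in the data dictionary views named at the start of the chapter. The role names, the user demo_user, the password placeholder and the hr.employees table are assumptions made for illustration; run the DBA section as a suitably privileged account.

```sql
-- Added example; app_read, app_admin, demo_user and the password are hypothetical.
-- Roles live in no schema, but their names share a namespace with usernames.
CREATE ROLE app_read;
CREATE ROLE app_admin IDENTIFIED BY "Placeholder_Pw1";  -- password needed to enable

-- A role may hold both system and object privileges.
GRANT CREATE SESSION TO app_read;             -- system privilege
GRANT SELECT ON hr.employees TO app_read;     -- object privilege (assumed sample table)
GRANT CREATE TABLE TO app_admin;

-- A role may be granted to another role, but never circularly.
GRANT app_read TO app_admin;
-- GRANT app_admin TO app_read;  -- rejected: ORA-01934 circular role grant detected

-- Grant both roles, but enable only the low-privilege one at login.
GRANT app_read, app_admin TO demo_user;
ALTER USER demo_user DEFAULT ROLE app_read;

-- Run in demo_user's session ----------------------------------------
-- SET ROLE disables every role not listed, so app_read is repeated here.
SET ROLE app_read, app_admin IDENTIFIED BY "Placeholder_Pw1";
SELECT role FROM session_roles;               -- roles currently enabled

-- Run as the DBA: review what was granted ---------------------------
SELECT role, password_required
  FROM dba_roles
 WHERE role IN ('APP_READ', 'APP_ADMIN');

SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'DEMO_USER';                 -- DEFAULT_ROLE = NO for APP_ADMIN

SELECT role, granted_role FROM role_role_privs WHERE role = 'APP_ADMIN';
SELECT role, privilege    FROM role_sys_privs  WHERE role IN ('APP_READ', 'APP_ADMIN');
SELECT role, owner, table_name, privilege
  FROM role_tab_privs
 WHERE role = 'APP_READ';

-- Remove the role from the user, then from the database.
REVOKE app_admin FROM demo_user;
DROP ROLE app_admin;
```

Keeping the more powerful role out of DEFAULT ROLE and behind a password means a session holds CREATE TABLE only after it explicitly enables app_admin, which is the "turn privileges on and off temporarily" behaviour the paragraph describes.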



    Oracle 9i Fundamentals I Exam Cram 2
    ISBN: 0789732653
    EAN: 2147483647
    Year: 2004
    Pages: 244
    Authors: April Wells
