To put it another way, a role is a named group of privileges. In addition, a role
can itself have roles assigned to it.
Privileges and roles are granted and revoked with the grant and revoke commands. The user
group PUBLIC is neither a user nor a role, nor can it be dropped; however, when privileges are
granted to PUBLIC, they are granted to every user of the database, both present and future.
40 Oracle Database 11g DBA Handbook
System Privileges
System privileges grant the right to perform a specific type of action in the database, such as
creating users, altering tablespaces, or dropping any view. Here is an example of granting a
system privilege:
grant DROP ANY TABLE to SCOTT WITH ADMIN OPTION;
The user SCOTT can drop anyone??™s table in any schema. The with grant option clause allows
SCOTT to grant his newly granted privilege to other users.
Object Privileges
Object privileges are granted on a specific object in the database. The most common object
privileges are SELECT, UPDATE, DELETE, and INSERT for tables, EXECUTE for a PL/SQL stored
object, and INDEX for granting index-creation privileges on a table. In the following example,
the user RJB can perform any DML on the JOBS table owned by the HR schema:
grant SELECT, UPDATE, INSERT, DELETE on HR.JOBS to RJB;
Auditing
To audit access to objects in the database by users, you can set up an audit trail on a specified
object or action by using the audit command.
Pages:
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124