In Table 9-11 are the most common roles that are automatically provided with the database,
along with a brief description of what privileges come with each role.
The roles CONNECT, RESOURCE, and DBA are provided mainly for compatibility with previous
versions of Oracle; they may not exist in future versions of Oracle. The database administrator
should create custom roles using the privileges granted to these roles as a starting point.
Data Dictionary View Description
DBA_TAB_PRIVS Table privileges granted to roles and users. Includes the user who
granted the privilege to the role or user, with or without GRANT
OPTION.
DBA_COL_PRIVS Column privileges granted to roles or users, containing the column
name and the type of privilege on the column.
SESSION_PRIVS All system privileges in effect for this user for the session, granted
directly or via a role.
ROLE_TAB_PRIVS For the current session, privileges granted on tables via roles.
TABLE 9-10 Object Privilege Data Dictionary Views
Chapter 9: Database Security and Auditing 307
FIGURE 9-6 Using roles to manage privileges
Role Name Privileges
CONNECT Previous to Oracle Database 10g Release 2: ALTER SESSION,
CREATE CLUSTER, CREATE DATABASE LINK, CREATE
SEQUENCE, CREATE SESSION, CREATE SYNONYM, CREATE
TABLE, CREATE VIEW. These privileges are typically those given
to a general user of the database, allowing them to connect and
create tables, indexes, and views. Oracle Database 10g Release
2 and later: CREATE SESSION only.
Pages:
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513