RESOURCE CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR,
CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE,
CREATE TRIGGER, CREATE TYPE. These privileges are typically
used for application developers who may be coding PL/SQL
procedures and functions.
DBA All system privileges WITH ADMIN OPTION. Allows a person
with the DBA role to grant system privileges to others.
DELETE_CATALOG_ROLE Does not have any system privileges, but only object privileges
(DELETE) on SYS.AUD$ and FGA_LOG$. In other words, this
role allows a user to remove audit records from the audit trail for
regular or fine-grained auditing.
EXECUTE_CATALOG_ROLE Execute privileges on various system packages, procedures, and
functions, such as DBMS_FGA and DBMS_RLS.
SELECT_CATALOG_ROLE SELECT object privilege on 1,638 data dictionary tables.
EXP_FULL_DATABASE EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE, and
system privileges such as BACKUP ANY TABLE and RESUMABLE.
Allows a user with this role to export all objects in the database.
TABLE 9-11 Predefined Oracle Roles
308 Oracle Database 11g DBA Handbook
Creating or Dropping a Role
To create a role, you use the create role command, and you must have the CREATE ROLE system
privilege. Typically, this is granted only to database administrators or application administrators.
Here??™s an example:
SQL> create role hr_admin not identified;
Role created.
By default, no password or authentication is required to enable or use an assigned role; therefore,
the not identified clause is optional.
Pages:
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514