If we give each user permission directly, it would be a huge and cumbersome task, and it would be inconvenient for DBAs to manage it. By adopting a role that enables:
- Privilege Management is more convenient. Assign roles to multiple users, enabling the same authorization for different users. If you want to modify the permissions of these users, just modify the role;
- The permissions of the role can be activated and closed. Makes it easy for DBAs to choose whether to give a user a role;
- Improve performance by using roles to reduce the number of authorization records in the data dictionary by closing the role to reduce the acknowledgement of permissions during statement execution.
(1) The role information exists in the Dba-roles data dictionary, as follows:
(2) Create a role:
CREATE []
The meaning is as follows:
- Role_name: Role name;
- Not identified | Identified: Do not need password authentication before activating the role;
- By password: authentication password;
- Using package: Creates an app role that can only be activated through the authorized package;
- Externally: The role must be authorized by an external service prior to activation;
- Globally: When activating a role using STE role, the user must be authorized to use the role through the Enterprise path service
"Not to be continued ... 】
[Oracle] Oracle Role Management
