I. Oracle built-in role connect and resource permissions
Grant Connect,resource to user;
Connect role:--is the typical right to give end users, the most basic
Alter session--modifying sessions
Create CLUSTER--Create a cluster
Create DATABASE Link--Set up databases links
Create SEQUENCE--Create a sequence
Create session--establishing sessions
Create synonym--create synonyms
Create view--building views
RESOURCE role:--is granted to developers
Create CLUSTER--Create a cluster
Create PROCEDURE--build process
Create SEQUENCE--Create a sequence
CREATE table--building tables
Create TRIGGER--creating triggers
Create type--build types
You can find it from the Dba_sys_privs (note that you must be logged in as a DBA role):
Select Grantee,privilege from Dba_sys_privs
where grantee= ' RESOURCE ' order by privilege;
=================================================
One, what is the role?
The permissions and users are described in the previous space. Slowly in use you will find a problem: if there is a group of people, their required permissions are the same, it would be inconvenient to manage their permissions. Because you want to manage the permissions of each user in this group. There is a good solution: the role. A role is a set of permissions that assigns a role to a user who has all the permissions in the role. So the above problem is very good to deal with, as long as the first time to assign the role to this group of users, then as long as the role of the management can be.
The above is a typical use of the role. In fact, just understand: a role is a set of permissions.
The Oracle roles are described in two sections below.
Second, the system predefined role
A predefined role is a common role that the system automatically creates after the database is installed. The following is a brief introduction to these scheduled roles. The permissions that the role contains can be queried with the following statement:
Sql>select * from Role_sys_privs where role= ' role name ';
1. CONNECT, RESOURCE, DBA
These predefined roles are primarily for backward compatibility. It is mainly used for database management.
Oracle recommends that users design their own database management and secure permission plans instead of simply using these predefined roles. These roles may not be predefined roles in future releases.
2. Delete_catalog_role, Execute_catalog_role, Select_catalog_role
These roles are primarily used to access data dictionary views and packages.
3. Exp_full_database, Imp_full_database
The two roles are used for the data Import Export tool.
4. Aq_user_role, Aq_administrator_role
Aq:advanced Query. These two roles are used for Oracle advanced query functionality.
5. Snmpagent
For Oracle Enterprise Manager and Intelligent Agent
6. Recovery_catalog_owner
Used to create a user with a recovery library. For information about the recovery library, refer to the Oracle documentation "Oracle9i user-managed Backup and Recovery Guide"
7. Hs_admin_role
A DBA using Oracle ' s heterogeneous services feature needs this role to access appropriate tables in the data dictionary.