Oracle Roles and permissions detailed

I. Oracle built-in role connect and resource permissions

Grant Connect,resource to user;

Connect role:--is the typical right to give end users, the most basic

Alter session--modifying sessions

Create CLUSTER--Create a cluster

Create DATABASE Link--Set up databases links

Create SEQUENCE--Create a sequence

Create session--establishing sessions

Create synonym--create synonyms

Create view--building views

RESOURCE role:--is granted to developers

Create CLUSTER--Create a cluster

Create PROCEDURE--build process

Create SEQUENCE--Create a sequence

CREATE table--building tables

Create TRIGGER--creating triggers

Create type--build types

You can find it from the Dba_sys_privs (note that you must be logged in as a DBA role):

Select Grantee,privilege from Dba_sys_privs

where grantee= ' RESOURCE ' order by privilege;

=================================================

One, what is the role?

The permissions and users are described in the previous space. Slowly in use you will find a problem: if there is a group of people, their required permissions are the same, it would be inconvenient to manage their permissions. Because you want to manage the permissions of each user in this group. There is a good solution: the role. A role is a set of permissions that assigns a role to a user who has all the permissions in the role. So the above problem is very good to deal with, as long as the first time to assign the role to this group of users, then as long as the role of the management can be.

The above is a typical use of the role. In fact, just understand: a role is a set of permissions.

The Oracle roles are described in two sections below.

Second, the system predefined role

A predefined role is a common role that the system automatically creates after the database is installed. The following is a brief introduction to these scheduled roles. The permissions that the role contains can be queried with the following statement:

Sql>select * from Role_sys_privs where role= ' role name ';

1. CONNECT, RESOURCE, DBA

These predefined roles are primarily for backward compatibility. It is mainly used for database management.

Oracle recommends that users design their own database management and secure permission plans instead of simply using these predefined roles. These roles may not be predefined roles in future releases.

2. Delete_catalog_role, Execute_catalog_role, Select_catalog_role

These roles are primarily used to access data dictionary views and packages.

3. Exp_full_database, Imp_full_database

The two roles are used for the data Import Export tool.

4. Aq_user_role, Aq_administrator_role

Aq:advanced Query. These two roles are used for Oracle advanced query functionality.

5. Snmpagent

For Oracle Enterprise Manager and Intelligent Agent

6. Recovery_catalog_owner

Used to create a user with a recovery library. For information about the recovery library, refer to the Oracle documentation "Oracle9i user-managed Backup and Recovery Guide"

7. Hs_admin_role

A DBA using Oracle ' s heterogeneous services feature needs this role to access appropriate tables in the data dictionary.