Oracle8i SQL Reference Release 2 (8.1.6) A76989-01 |
|
SQL Statements (continued), 2 of 11
To create a role, which is a set of privileges that can be granted to users or to other roles. You can use roles to administer database privileges. You can add privileges to a role and then grant the role to a user. The user can then enable the role and exercise the privileges granted by the role.
A role contains all privileges granted to the role and all privileges of other roles granted to it. A new role is initially empty. You add privileges to a role with the GRANT
statement. For information on granting roles, see "GRANT system_privileges_and_roles". For information on enabling roles, see "ALTER USER".
When you create a role that is NOT
IDENTIFIED
or is IDENTIFIED
EXTERNALLY
or BY
password, Oracle grants you the role with ADMIN
OPTION
. However, when you create a role IDENTIFIED
GLOBALLY
, Oracle does not grant you the role.
For information on modifying a role, see"ALTER ROLE". For information on removing a role from the database, see "DROP ROLE". For information on enabling and disabling roles for the current session, see "SET ROLE". For a detailed description and explanation of using global roles, see Oracle8i Distributed Database Systems.
You must have CREATE ROLE
system privilege.
role |
is the name of the role to be created. Oracle recommends that the role contain at least one single-byte character regardless of whether the database character set also contains multibyte characters. |
|
|
Some roles are defined by SQL scripts provided on your distribution media. For a list of these predefined roles, see "GRANT system_privileges_and_roles". |
|
|
indicates that this role is authorized by the database and that no password is required to enable the role. |
|
|
indicates that a user must be authorized by the specified method before the role is enabled with the |
|
|
|
creates a local user and indicates that the user must specify the password to Oracle when enabling the role. The password can contain only single-byte characters from your database character set regardless of whether this character set also contains multibyte characters. |
|
|
creates an external user and indicates that a user must be authorized by an external service (such as an operating system or third-party service) before enabling the role. |
|
|
Depending on the operating system, the user may have to specify a password to the operating system before the role is enabled. |
|
|
creates a global user and indicates that a user must be authorized to use the role by the enterprise directory service before the role is enabled with the |
If you omit both the |
The following statement creates global role VENDOR
:
CREATE ROLE vendor IDENTIFIED GLOBALLY;
The following statement creates the role TELLER
:
CREATE ROLE teller IDENTIFIED BY cashflow;
Users who are subsequently granted the TELLER
role must specify the password CASHFLOW
to enable the role with the SET
ROLE
statement.
|
![]() Copyright © 1999 Oracle Corporation. All Rights Reserved. |
|