A script-enabled browser is required for this page to function properly.

About Creating and Granting Database Roles

When planning application security, define roles so that all object and system privileges necessary to perform a certain task are granted to a single role. This will simplify application maintenance, since adding a new end user will require granting one role, instead of granting all the individual privileges.

Before you can grant security to menu items (on an item-by-item basis), you first must choose the subset of roles you want to grant to the menu module. For example, the DBA may grant 50 roles access to a particular database. For a specific application using that database, however, you may want to grant access to only 10 of those roles.

Granting a role access to a menu module does not grant that role access to any menu items. Rather, once you grant a role access to the menu module, it will appear in the Menu Item Roles property List for all menu items in the module.

Once you grant a role access to a menu module, you can grant the role access to individual menu items to the module.

You can create and grant roles two ways:

Whether you implement security directly in the server or through Oracle Forms, the underlying SQL commands are the same. Use:

Oracle Forms menu security is based on the roles granted to an end user, regardless of whether the role is currently enabled (via SET ROLE). However, since table privileges depend on the role being enabled, you must include the necessary DBMS_SESSION.SET ROLE() command in your application (unless you enable roles by default).

Tip 1: If an end user tries querying a block based on a table and gets the error message ORACLE Error--Unable to Perform..., most likely the end user does not have access to that database table because the appropriate role is not set. You need to either:

  •  or
  • Tip 2: If your users are receiving this message:

    FRM-10249: No authorization to run application <name>

    Make sure that you have done the following:

    Having followed these steps, if you still get the FRM-10249 error and you are not storing the menu in the database, make sure that the Use File option in the form module property sheet is selected.

    Also, check that the menu base tables have a datatype of VARCHAR2 and not CHAR, where appropriate.


    Modifying existing database roles

    Deleting existing database roles

    Granting database roles access to menu modules

    Granting database roles access to menu items