About Permission Inheritance for Application Roles

Application roles can have permissions granted through membership in other application roles.

Permissions granted explicitly to an application role take precedence over any permissions granted through other application roles.

If there are multiple application roles acting on an application role at the same level with conflicting security attributes, then the application role is granted the least restrictive security attribute. Oracle currently requires that the application role with access to an object also have access to the object's container. For example, if ApplicationRole 1 has permission to access Column A, which is part of Table B, then ApplicationRole1 must also have permission to access Table B.