Grant Database Role to Data Role

13.3 Grant Database Role to Data Role

Use the standard GRANT statement to grant one or more database roles to data roles. This allows data roles to carry traditional Oracle AI Database privileges in addition to Oracle Deep Data Security (Deep Sec) data grants.

Note:

In the Deep Sec framework, you cannot grant database roles directly to local end users. Instead, you must first assign them to data roles that are managed locally in the database. You can then grant those data roles to local end users, allowing them to inherit the combined privileges of both the data role and the underlying database role.

Syntax

GRANT database_role_list
  TO grantee_list;
 
database_role_list ::= database_role [, database_role ]...
 
grantee_list       ::= data_role [, data_role ]...

Parameters

Parameter	Description
`database_role_list`	A comma-separated list of existing database roles to be granted.
`grantee_list`	A comma-separated list of data roles to which the database roles are granted. Only data roles are permitted as grantees in this context.

Example 13-6 Grant database role to data role

Grant a database role select_catalog_role to a data role hr_rep_role.

GRANT select_catalog_role TO hr_rep_role;