Before You Begin

This 10-minute tutorial shows you how to use Enterprise Manager Express to create and manage roles.

Select the Oracle Database release:

Background

In most systems, it is time-consuming and error-prone to grant necessary privileges to each user individually. Oracle software provides for easy and controlled privilege management through roles. Roles are named groups of related privileges that are granted to users or to other roles. Roles are designed to ease the administration of privileges in the database and, therefore, improve security. 

What Do You Need?

• Oracle Database 18c19c

  Note:Starting with Oracle Database 19c, Oracle EM Express, the default management option for Oracle Database, is based on Java JET technology. Currently, only the Performance menu is available in the 19c JET version. Therefore, we are using the 18c Flash Oracle EM Express in our tutorials. Use the following command to revert to Flash Oracle EM Express:

   SQL> @?/rdbms/admin/execemx emx

  To return to 19c JET Oracle EM Express, use the following command:

   SQL> @?/rdbms/admin/execemx omx

View Roles

1. Enter the URL for the Enterprise Manager Database Express for PDB in your browser and log in as the SYSTEM user.

   

2. Select Roles in the Security menu.

   

   Note: If you log in as the Enterprise Manager Database Express for CDB, you will not see Profiles in the Security menu.
3. The Roles page is displayed.

   

4. To view the privileges granted to a role, select a role of interest. The CONNECT role is selected in this example. Click View Details in the Actions menu.

   

5. The Privileges & Roles tab shows the system privileges and roles granted to the CONNECT role. Click the Object Privileges tab.

   

6. The Object Privileges tab shows the object privileges granted to the role. There are no object privileges granted to the CONNECT role.

   

7. Click ORCL / ORCLPDB to return to the Database Home page.

Create a Role

1. Select Roles in the Security menu.

   

2. Click Create Role.
3. Enter a name such as appdev for the role. Click the right arrow.

   

4. Select the privileges to grant to the role by selecting the privilege name and clicking the right arrow. Select CREATE PROCEDURE, CREATE SEQUENCE, CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, and CREATE VIEW.
5. Select "With Admin" for each privilege. Click OK.

   

6. Click OK on the Confirmation page.

   

7. The new APPDEV role is displayed on the Roles page.

   

8. Click ORCL / ORCLPDB to return to the Database Home page.

Modify a Role

1. Select Roles in the Security menu.

   

2. Select the role to modify. In this example, the APPDEV role is modified. Select "Alter Privileges & Roles" in the Actions menu.

   

3. Select the CONNECT role. Click the right arrow.
4. Select "With Admin" for the CONNECT role. Click OK.

   

5. Click OK on the Confirmation page. The Roles page is displayed again.

   

6. Click ORCL / ORCLPDB to return to the Database Home page.