When our task is limited to granting permissions to a select few users, what we've learned this far using GRANT
and REVOKE
would likely suffice. However, a real-world security approach may require us to manage the grants of thousands of users for hundreds of database objects. Were we to use individual grants for each of these users, mistakes would likely be made. Certain users would not have the necessary permissions and, worse still, users may be granted higher access than they require. We need a way to ease this burden and make managing permissions more efficient. To this end, we discuss the subject of role-based security.
In Oracle, a role is simply a container for a group of any other directly granted permissions, including both system privileges and object privileges. By creating a role and granting permissions to it, any user who receives that role receives all the permissions it contains. Before we examine the process of creating...