Oracle database roles - Oracle Datafiles and Tempfiles

Q.  Which of the following statements are true about the roles in the Oracle database?
- Published on 03 Aug 15

a. A role can be granted to itself
b. Roles can be granted to other roles
c. A role can contain both system and object privileges
d. Both A & B
e. Both B & C

ANSWER: Both B & C
 

    Discussion

  • Nirja Shah   -Posted on 25 Sep 15
    - Roles are useful for quickly and easily granting permissions to users.

    - Although you can use Oracle Database-defined roles, you have more control and continuity if you create your own roles that contain only the privileges pertaining to your requirements.

    - Roles have the following functionality:

    1. A role can be granted system or object privileges.

    2. Any role can be granted to any database user.

    3. Each role granted to a user is, at a given time, either enabled or disabled.
    - A user's security domain includes the privileges of all roles currently enabled for the user and excludes the privileges of any roles currently disabled for the user.
    - Oracle Database allows database applications and users to enable and disable roles to provide selective availability of privileges.

    4. A role can be granted to other roles.
    - However, a role cannot be granted to itself and cannot be granted circularly.
    - For example, role role1 cannot be granted to role role2 if role role2 has previously been granted to role role1.

    5. If a role is not password authenticated or a secure application role, then you can grant the role indirectly to the user.
    - An indirectly granted role is a role granted to the user through another role that has already been granted to this user.

    6. Optionally, you can make a directly granted role a default role.
    - You enable or disable the default role status of a directly granted role by using the DEFAULT ROLE clause of the ALTER USER statement. Ensure that the DEFAULT ROLE clause refers only to roles that have been directly granted to the user.
    - To find the directly granted roles for a user, query the DBA_ROLE_PRIVS data dictionary view.
    - This view does not include the user's indirectly granted roles.
    - To find roles that are granted to other roles, query the ROLE_ROLE_PRIVS view.

    7. If the role is password authenticated or a secure application role, then you cannot grant it indirectly to the user, nor can you make it a default role.
    - You only can grant this type of role directly to the user.
    - Typically, you enable password authenticated or secure application roles by using the SET ROLE statement.

Post your comment / Share knowledge


Enter the code shown above:
 
(Note: If you cannot read the numbers in the above image, reload the page to generate a new one.)