Scribd
Upload
6 views6 pages

Roles

Roles

Uploaded by

monikakadamn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
6 views6 pages

Roles

Roles

Uploaded by

monikakadamn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Introduction to Oracle CREATE

ROLE statement
A role is a group of privileges. Instead of
granting individual privileges to users, you
can group related privileges into a role and
grant this role to users. Roles help manage
privileges more efficiently.

To create a new role, you use the CREATE


ROLE statement. The basic syntax of
the CREATE ROLE statement is as follows:
CREATE ROLE role_name
[IDENTIFIED BY password]
[NOT IDENTIFIED]
In this syntax:

 First, specify the name of the role that you


want to create.
 Second, use IDENTIFIED BY
password option to create a local role and
indicate that the user, who was granted the
role, must provide the password to the
database when enabling the role.
 Third, use NOT IDENTIFIED to indicate that
the role is authorized by the database and
the user, who was granted this role, don’t
need a password to enable the role.
After a role is created, it is empty. To grant
privileges to a role, you use
the GRANT statement:
GRANT {system_privileges |
object_privileges} TO role_name;
In addition, you can use the GRANT statement
to grant privileges of a role to another role:
GRANT role_name TO another_role_name;
Oracle CREATE ROLE statement examples
Let’s take some examples of using the CREATE
ROLE statement.
1) Using Oracle CREATE ROLE without a
password example
First, create a new role named mdm (master
data management) in the sample database:
CREATE ROLES mdm;
Second, grant object privileges
on customers, contacts, products, product_
categories, warehouses, locations, employ
ees tables to the mdm role:
GRANT SELECT, INSERT, UPDATE, DELETE
ON customers
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON contacts
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON products
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON product_categories
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON warehouses
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON locations
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON employees
TO mdm;
Third, create a new user named alice and
grant the CREATE SESSION privilege to alice:
CREATE USER alice IDENTIFIED BY
abcd1234;

GRANT CREATE SESSION TO alice;


Fourth, log in to the database as alice:
Enter user-name: alice@pdborcl
Enter password:
and attempt to query data from
the ot.employees table:
SELECT * FROM ot.employees;
Oracle issued the following error:

ORA-00942: table or view does not exist


Go back to the first session and
grant alice the mdm role:
GRANT mdm TO alice;
Go to the alice’s session and enable role using
the SET ROLE statement:
SET ROLE mdm;
To query all roles of the current user, you use
the following query:

SELECT * FROM session_roles;


Here is the role of alice:
ROLE
------
MDM
Now, alice can manipulate data in the
master data tables such
as customers and employees.
2) Using Oracle CREATE ROLE to create a role
with IDENTIFIED BY password example
First, create a new role
named order_entry with the
password xyz123:
CREATE ROLE order_entry IDENTIFIED BY
xyz123;
Next, grant object privileges on
the orders and order_items tables to
the order_entry role:
GRANT SELECT, INSERT, UPDATE, DELETE
ON orders
TO order_entry;

GRANT SELECT, INSERT, UPDATE, DELETE


ON order_items
TO order_entry;
Then, grant the order_entry role to the
user alice:
GRANT order_entry TO alice;
After that, log in as alice and enable
the order_entry role by using the SET
ROLE statement:
SET ROLE
order_entry IDENTIFIED BY xyz123,
mdm;
Finally, use the following statement to get the
current roles of alice:
SELECT * FROM session_roles;
Here are the current roles of alice:
ROLE
-------------
MDM
ORDER_ENTRY
In this tutorial, you have learned how to use
the Oracle CREATE ROLE statement to create
roles in the database.

You might also like