Re: Followup to: GRANTing permissions...

From: Daniel Benson <dbenson_at_us.oracle.com>
Date: Wed, 26 Aug 1992 17:21:15 GMT
Message-ID: <1992Aug26.172115.4668_at_oracle.us.oracle.com>


George,

ORACLE7 Roles can be dependent on Unix groups. That is, if you are in a specific Unix group you can by default be in specific Roles. Below is a short description from the ORACLE7 DBA Guide about Roles:

The ORACLE RDBMS provides for easy and controlled privilege management through the use of roles. Roles are named groups of related privileges that are granted to users or other roles. The following properties of roles allow for easier privilege management:

  • Reduced granting of privileges. Rather than explicitly granting the same set of privileges to many users, the privileges for a group of related users can be granted to a role, and then only the role needs to be granted to each member of the group.
  • Dynamic privilege management. When the privileges of a group must change, only the privileges of the role need to be modified. The security domains of all users granted the group's role automatically reflect the changes made to the role.
  • Selective availability of privileges. The roles granted to a user can be selectively enabled (available for use) or disabled (not available for use). This allows specific control of a user's privileges in any given situation.
  • Application awareness. A database application can be designed to automatically enable (and disable) selective roles when a user attempts to use the application.

Roles are often created for a database application. An application role is granted all privileges necessary to run the application. The application role is then granted to other roles or users. An application can have several different roles, each granted a different set of privileges that allow for more or less data access while using the application.

A role can be created with a password to prevent unauthorized use of the privileges granted to the role. Typically, an application is designed so that when it starts, it enables the proper role. As a result, an application user does not need to know the password for an application's role.


Hope this helps,
-d

Received on Wed Aug 26 1992 - 19:21:15 CEST
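The role properties quoted in the message above, shown as a sequence of Oracle SQL statements. This is an added example, not part of the original message or of the DBA Guide; the role, schema, table and user names and the password are hypothetical placeholders.

```sql
-- Added illustration. All names (order_entry_app, app_owner, jsmith, mlee)
-- and the password are hypothetical placeholders.

-- Password-protected application role: knowing a user's login alone
-- is not enough to enable it.
CREATE ROLE order_entry_app IDENTIFIED BY change_me_placeholder;

-- Reduced granting: privileges go to the role once,
-- not to each user individually.
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO order_entry_app;
GRANT SELECT ON app_owner.customers TO order_entry_app;

-- Only the role is granted to each member of the group.
GRANT order_entry_app TO jsmith;
GRANT order_entry_app TO mlee;

-- Selective availability: keep the role disabled at login, so an ad hoc
-- session (for example SQL*Plus) does not carry the application's privileges.
ALTER USER jsmith DEFAULT ROLE ALL EXCEPT order_entry_app;
ALTER USER mlee DEFAULT ROLE ALL EXCEPT order_entry_app;

-- Application awareness: the application issues this at startup.
-- SET ROLE enables the named role and disables every role not listed.
SET ROLE order_entry_app IDENTIFIED BY change_me_placeholder;

-- Verify which roles are enabled in the current session.
SELECT role FROM session_roles;

-- Dynamic privilege management: one change to the role applies to
-- every user who holds it.
REVOKE UPDATE ON app_owner.orders FROM order_entry_app;

-- Audit who holds the role and whether it is a default role for them.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'ORDER_ENTRY_APP';
```

The role password is only as well protected as the application that stores it, so restrict read access to the application's binaries and configuration accordingly.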
