The DBMS ROLE MANAGEMENT privilegesAuraDB Business CriticalAuraDB Virtual Dedicated CloudEnterprise Edition
The DBMS privileges for role management can be granted, denied, or revoked like other privileges.
|
For more details about the syntax descriptions, see Reading the administration commands syntax. |
| Command | Description |
|---|---|
|
Enables the specified roles to create new roles. |
|
Enables the specified roles to change the name of roles. |
|
Enables the specified roles to delete roles. |
|
Enables the specified roles to assign roles to users. |
|
Enables the specified roles to remove roles from users. |
|
Enables the specified roles to list roles. |
|
Enables the specified roles to create, delete, assign, remove, and list roles. |
Grant privilege to create roles
You can grant the privilege to add roles using the CREATE ROLE command.
For example:
GRANT CREATE ROLE ON DBMS TO roleAdder;As a result, the roleAdder role has privileges that only allow adding roles.
To list all privileges for the role roleAdder as commands, use the following query:
SHOW ROLE roleAdder PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to rename roles
You can grant the privilege to rename roles using the RENAME ROLE privilege.
For example:
GRANT RENAME ROLE ON DBMS TO roleNameModifier;As a result, the roleNameModifier role has privileges that only allow renaming roles.
To list all privileges for the role roleNameModifier, use the following query:
SHOW ROLE roleNameModifier PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to delete roles
You can grant the privilege to delete roles using the DROP ROLE privilege.
For example:
GRANT DROP ROLE ON DBMS TO roleDropper;As a result, the roleDropper role has privileges that only allow deleting roles.
To list all privileges for the role roleDropper, use the following query:
SHOW ROLE roleDropper PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to assign roles
You can grant the privilege to assign roles to users using the ASSIGN ROLE privilege.
For example:
GRANT ASSIGN ROLE ON DBMS TO roleAssigner;As a result, the roleAssigner role has privileges that only allow assigning/granting roles.
To list all privileges for the role roleAssigner as commands, use the following query:
SHOW ROLE roleAssigner PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to remove roles
You can grant the privilege to remove roles from users using the REMOVE ROLE privilege.
For example:
GRANT REMOVE ROLE ON DBMS TO roleRemover;As a result, the roleRemover role has privileges that only allow removing/revoking roles.
To list all privileges for the role roleRemover as commands, use the following query:
SHOW ROLE roleRemover PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to show roles
You can grant the privilege to show roles using the SHOW ROLE privilege.
A role with this privilege is allowed to execute the SHOW ROLES and SHOW POPULATED ROLES administration commands.
|
In order to use |
The following query shows an example of how to grant the SHOW ROLE privilege:
GRANT SHOW ROLE ON DBMS TO roleViewer;As a result, the roleViewer role has privileges that only allow showing roles.
To list all privileges for the role roleViewer as commands, use the following query:
SHOW ROLE roleViewer PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |
Grant privilege to manage roles
You can grant the privilege to create, rename, delete, assign, remove, and list roles using the ROLE MANAGEMENT privilege.
For example:
GRANT ROLE MANAGEMENT ON DBMS TO roleManager;As a result, the roleManager role has all privileges to manage roles.
To list all privileges for the role roleManager as commands, use the following query:
SHOW ROLE roleManager PRIVILEGES AS COMMANDS;| command |
|---|
|
Rows: 1 |