|
A role-based access control model is provided for the execution of privileged operations.
A role-based security model provides complete control and granularity for the privileges you want to grant to users. Each privileged operation a user can perform in the database requires one or more system or object-level privileges.
A system privilege is a right to perform an authorized database task. For example, the CREATE TABLE system privilege allows a user to create self-owned tables.
An object-level privilege is a right to perform an authorized task on a specified object. For example, having ALTER privileges on TableA allows a user to alter that table, but not other tables.
A role is a collection of one or more system privileges, object-level privileges, or roles. You can grant roles to other roles to create a role hierarchy. Granting a role to a user is equivalent to granting the user the underlying system privileges for the role.
Each new or migrated database includes a predefined set of roles you can use to get started. These system roles act as a starting point for implementing role-based security.