From the course: Oracle Database 12c: Security
Introduction to database roles - Oracle Database Tutorial
From the course: Oracle Database 12c: Security
Introduction to database roles
- [Instructor] Roles in the Oracle Database are used to group several privileges together so that these privileges can be granted to and revoked from users simultaneously. You can think of roles in the context of an Oracle Database as buckets of permissions. You assign permissions or database privileges to roles, and then you can grant the role to any user account in your database. By inheritance, the user account will hold all of the permissions that were assigned to the role. Imagine a scenario where you have multiple users in your database that need privileges to certain database objects that might share something in common, such as objects which are part of your sales application. Using database roles, you can create a dedicated sales role in your database, grant the required permissions on all of the various sales objects to the role, this could be multiple permissions, and then grant the role itself instead of all of the individual permissions to your database users. As you can see, this greatly simplifies the process of assigning or granting multiple permissions to multiple users in your database. In addition to the custom roles that you can create manually, for which we'll see a demo in our next video, Oracle also comes with several built-in roles that are created during database installation. These pre-defined roles can help simplify database administration. While we don't have time to go over all of the individual roles that are built in to the Oracle Database, some of the most important ones include the Connect role which includes several permissions as you can see on your screen now. The Resource role which includes another set of built-in permissions also presented in your screen. The DBA role which is a special role that includes all system privileges with the Admin option. We'll see what that means in a moment. This role is mostly used for backward compatibility with older Oracle versions, and in Oracle 12c, you should use the PDB_DBA and CDB_DBA roles instead. We also have a built-in PDB_DBA role which is granted automatically to the local user that is created when you create a new PDB from the seed PDB. No privileges are provided for this role by default. The bottom line is only grant a DBA role to super users in your database, users that need full control over all tables, objects, and other users in your database. This is a very powerful role and granting it should be made with extreme caution. Also, while you can use the Connect and Resource roles or any of the other built-in roles in your database, they might contain excessive permissions that you might not want your users to hold, so it's always a best idea to create and assign custom roles by yourself instead of using the ones built in to the Oracle Database. For a full list of built-in roles that come as part of the Oracle Database, please consult the Oracle documentation.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.