After a role is defined, it can be granted to any login account or role in the server, provided that it does not violate the rules of mutual exclusivity and hierarchy. Table 4-3 lists the tasks related to roles, the role required to perform the task, and the command to use.
Task |
Required role |
Command |
|---|---|---|
Grant the sa_role role |
System administrator |
grant role |
Grant the sso_role role |
System security officer |
grant role |
Grant the oper_role role |
System security officer |
grant role |
Grant user-defined roles |
System security officer |
grant role |
Create role hierarchies |
System security officer |
grant role |
Modify role hierarchies |
System security officer |
revoke role |
Revoke system roles |
System security officer |
revoke role |
Revoke user-defined roles |
System security officer |
revoke role |
