MANAGE ROLES System Privilege

Required to create new roles and act as the default administrator of roles.

While the MANAGE ROLES system privilege allows a user to create a new user-defined role, it does not allow them to delete the role. For this, a user requires administrative rights on the role.

Users granted the MANAGE ROLES system privilege serve as default global role administrators on a user-defined role.

If no role administrator is specified during the role creation process, the MANAGE ROLES system privilege (SYS_MANAGE_ROLES_ROLE) is automatically granted to the role with the ADMIN ONLY OPTION clause, which allows the global role administrator to administer the role. If at least one role administrator is specified during the creation process, the MANAGE ROLES system privilege is not granted to the role, and global role administrators will be unable to manage the role.

MANAGE ROLES is the only system privilege with the ability to be granted the ability to administer user-defined roles.

Note: Administration of a role can also be granted directly to users either during the creation of the role or after the fact. When granted directly to a user, the user does not require the MANAGE ROLES system privilege to administer the role.
Parent topic: Roles System Privileges
Related reference
GRANT System Privilege Statement
REVOKE System Privilege Statement
List All System Privileges