A user-defined role is a custom collection of system and object-level
privileges, typically created to group privileges that are related to a specific task or set
of tasks.
A user-defined role:
- Can be a standalone object with no login privileges, which can
own objects.
- Can be a database user with the ability to act as a role
(user-extended role). If an existing user ID has login privileges, the
user-extended role retains the login privileges.
- Can be granted privileges on other objects.
- Can be granted privileges of other roles.
- Has a case-insensitive name.
The granting of a user-defined role is semantically equivalent to individually
granting each of its underlying system and object-level privileges.
You cannot convert a user-defined role to a user-extended role, and vice
versa.
Note: Unless otherwise noted, the term user-defined role refers
to both user-extended and user-defined roles.