User-Defined Roles

A user-defined role is a custom collection of system and object-level privileges, typically created to group privileges that are related to a specific task or set of tasks.

A user-defined role:

You cannot convert a user-defined role to a user-extended role, and vice versa.

• Creating a User-Defined Role
  Create a new user-defined role.
• Converting an Existing User to a User-Extended Role
  You can extend an existing user ID to act as a role. This is useful when you have a user who is assigned a set of system and object-level privileges that you want to grant to another user.
• Converting a User-Extended Role Back to a User
  You can convert a user-extended role back to a regular user.
• Adding a User-Defined Role to a User or Role
  Add membership in a user-defined role to a user or role (grantee), with or without administrative rights.
• Removing Members from a User-Defined Role
  Remove a user or role as a member of a role. The user or role loses the ability to use any underlying system privileges or roles of a role, along with the ability to administer the role, if granted.
• Deleting a User-Defined Role
  Delete a user-defined role from the database as long as all dependent roles retain the minimum required number of administrator users with active passwords. If the minimum value is not maintained, the command fails.
• Role and Global Role Administrators
  Role administrators and global role administrators grant and revoke user-defined roles to users and other roles. You can add and remove role and global role administrators on a role as needed.