Granting and revoking roles

After a role is defined, it can be granted to any login account or role in the server, provided that it does not violate the rules of mutual exclusivity and hierarchy. Table 12-4 lists the tasks related to roles, the role required to perform the task, and the command to use.

Table 12-4: Tasks, required roles, and commands to use

Task

Required role

Command

Grant the sa_role role

System Administrator

grant role

Grant the sso_role role

System Security Officer

grant role

Grant the oper_role role

System Security Officer

grant role

Grant user-defined roles

System Security Officer

grant role

Create role hierarchies

System Security Officer

grant role

Modify role hierarchies

System Security Officer

revoke role

Revoke system roles

System Security Officer

revoke role

Revoke user-defined roles

System Security Officer

revoke role