After a role is defined, it can be granted to any login account or role in the server, provided that it does not violate the rules of mutual exclusivity and hierarchy. Table 12-4 lists the tasks related to roles, the role required to perform the task, and the command to use.
Task |
Required role |
Command |
|---|---|---|
Grant the sa_role role |
System Administrator |
grant role |
Grant the sso_role role |
System Security Officer |
grant role |
Grant the oper_role role |
System Security Officer |
grant role |
Grant user-defined roles |
System Security Officer |
grant role |
Create role hierarchies |
System Security Officer |
grant role |
Modify role hierarchies |
System Security Officer |
revoke role |
Revoke system roles |
System Security Officer |
revoke role |
Revoke user-defined roles |
System Security Officer |
revoke role |
