home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!pacbell.com!pacbell!oracle!unrepliable!bounce
- Newsgroups: comp.databases.oracle
- From: dbenson@us.oracle.com (Daniel Benson)
- Subject: Re: Followup to: GRANTing permissions...
- Message-ID: <1992Aug26.172115.4668@oracle.us.oracle.com>
- Sender: usenet@oracle.us.oracle.com (Oracle News Poster)
- Nntp-Posting-Host: wrpyr.us.oracle.com
- Organization: Oracle Corporation, Redwood Shores CA
- References: <1992Aug25.204244.8362@unixg.ubc.ca>
- Date: Wed, 26 Aug 1992 17:21:15 GMT
- X-Disclaimer: This message was written by an unauthenticated user
- at Oracle Corporation. The opinions expressed are those
- of the user and not necessarily those of Oracle.
- Lines: 44
-
- George,
-
- ORACLE7 Roles can be dependent on Unix groups. That is if you are in a specificUnix group you can be default be in specific Roles. Below is a short
- description from the ORACLE7 DBA Guide about Roles:
-
- The ORACLE RDBMS provides for easy and controlled privilege management through
- the use of roles. Roles are named groups of related privileges that are
- granted to users or other roles. The following properties of roles allow for
- easier privilege management:
-
- - Reduced granting of privileges. Rather than explicitly granting
- the same set of privileges to many users, the privileges for a
- group of related users can be granted to a role, and then only
- the role needs to be granted to each member of the group.
-
- - Dynamic privilege management. When the privileges of a
- group must change, only the privileges of the role need to be
- modified. The security domains of all users granted the group's
- role automatically reflect the changes made to the role.
-
- - Selective availability of privileges. The roles granted to a user
- can be selectively enabled (available for use) or disabled (not
- available for use). This allows specific control of a user's
- privileges in any given situation.
-
- - Application awareness. A database application can be
- designed to automatically enable (and disable) selective roles
- when a user attempts to use the application.
-
- Roles are often created for a database application. An application role
- is granted all privileges necessary to run the application. The application
- roll is then granted to other roles or users. An application can have
- several different roles, each granted a different set of privileges that
- allow for more or less data access while using the application.
-
- A role can be created with a password to prevent unauthorized use of the
- privileges granted to the role. Typically, an application is designed
- so that when it starts, it enables the proper role. As a result, an
- application user does not need to know the password for an application's
- role.
-
- --------------------------------
-
- Hope this helps, -d
-