Oracle Server Manager User's Guide

The Roles Folder

When you click the Roles folder tab, the Roles folder opens and the Role object list and menu appear. The Role object list displays the roles defined in your database.

Roles are named groups of privileges granted to users or other roles. For information about managing roles, see the Oracle7 Server Concepts, the Oracle7 Server Administrator's Guide, and the Oracle7 Server SQL Reference.

The following figure illustrates the Role object list.

Figure 4 - 31. Role Object List

Role Object List

The columns of the Role object list are described below:

Role Name of the role.
Password Whether or not the role requires a password to be enabled.

Creating a Role

To create a new role, choose Create from the Role menu. The Create Role property sheet appears.

The Create Role property sheet consists of the following pages:

General

Definition

The following figure illustrates the General page.

Figure 4 - 32. General Page of the Create Role Property Sheet

Create Role: General Page

The General page is described below:

Role Name Name of the role to be created.
Enter the name of the new role.
Password Method used to enable the role.
Click No Password to indicate that a user granted the role may enable it without specifying a password.
Click OS Authenticated to require the operating system or an external security utility to verify the role.
Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Create Role: Definition Page

On the Definition page of the Create Role property sheet you can assign roles and grant individual privileges to the role. The following figure illustrates the Definition page.

Figure 4 - 33. Definition Page of the Create Role Property Sheet

The Definition page is described below:

Privileges and Roles Scrolling list of the roles and privileges to be assigned to the new role.
Add Displays the Add Privilege to Role dialog box. See "Add Privilege to Role Dialog Box" for a description of the Add Privilege to Role dialog box.
Remove Removes the role or privilege selected in the Privileges and Roles scrolling list.

Add Privilege to Role Dialog Box

In the Add Privilege to Role dialog box you can grant roles, system privileges, and object privileges to a role. You can add a privilege to a role when you create a new role, alter a role, or choose Add Privilege to Role from the Role menu.

The following figure illustrates the Add Privilege to Role dialog box with the Role Privilege Type selected.

Figure 4 - 34. Add Privilege to Role Dialog Box with the Role Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 34 is described below:

Privilege Type: Role Displays the roles you can grant to the role you are creating or altering.
Defined Roles Scrolling list of the roles you can grant. These are roles you have created and roles you have been granted with the Admin Option. If you have the GRANT ANY ROLE system privilege, all roles are listed.
Select the role you wish to grant to the role you are creating or altering.
Admin Option Allow a grantee to grant the role to other users or roles.

The following figure illustrates the Add Privilege to Role dialog box with the System Privilege Type selected.

Figure 4 - 35. Add Privilege to Role Dialog Box with the System Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 35 is described below:

Privilege Type: System Displays the system privileges you can grant to the role.
System Privileges Scrolling list of the system privileges you can grant. These are the system privileges you have been granted with the Admin Option. If you have the GRANT ANY PRIVILEGE system privilege, all privileges are listed.
Select the system privilege you wish to grant to the role.
Admin Option Allow users assigned this role to grant the system privilege to other users or roles.

The following figure illustrates the Add Privilege to Role dialog box with the Object Privilege Type selected.

Figure 4 - 36. Add Privilege to Role Dialog Box with the Object Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 36 is described below:

Privilege Type: Object Displays object privileges.
Object Privileges Scrolling list of all object privileges.
You can grant an object privilege that you have been granted with the Grant Option. If you are the owner of the object, you can grant all privileges on the object.
The scrolling list includes the item ALL, which represents all object privileges you can grant for an object.
Object Name Schema and name of the object on which you are granting privileges.
Enter the schema and object name, or click Find Object.
Find Object Displays the Find Schema Object dialog box. See "Find Schema Object Dialog Box" for a description of the Find Schema Object dialog box.

Find Schema Object Dialog Box

In the Find Schema Object dialog box you can specify an object on which to grant object privileges. The following figure illustrates the Find Schema Object dialog box.

Figure 4 - 37. Find Schema Object Dialog Box

The Find Schema Object dialog box is described below:

Filters Types of objects on which you can grant object privileges.
Click the object types you wish to find, then click Filter to find the objects.
Schema Scrolling list of schemas in your database.
Select a schema from the Schema scrolling list. Server Manager retrieves all the objects in that schema that match the object types you chose in the Filters.
Object Scrolling list of objects in the selected schema that match the object types you chose in the Filters.
Select the object on which you wish to grant object privileges.
Filter Retrieves the objects in the selected schema that match the object types you chose in the Filters.

Altering a Role

To alter the privileges granted to a role, select the role to be altered from the Role object list and choose Alter from the Role menu. The Alter Role property sheet appears. You can also bring up the Alter Role property sheet by double-clicking on the role in the Role object list.

The Alter Role property sheet consists of the following pages:

General

Definition

The following illustrates the General page.

Figure 4 - 38. General Page of the Alter Role Property Sheet

Alter Role: General Page

The General page is described below:

Role Name Name of the role you wish to alter.
Password Method used to enable the role.
Click No Password to indicate that a user granted the role may enable it without specifying a password.
Click OS Authenticated to require the operating system or an external security utility to verify the role.
Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Alter Role: Definition Page

On the Definition page of the Alter Role property sheet you can grant or revoke roles or privileges from the role. The following figure illustrates the Definition page.

Figure 4 - 39. Definition Page of the Alter Role Property Sheet

The Definition page is described below:

Privileges and Roles Scrolling list of the roles and privileges assigned to the role being altered.
Add Displays the Add Privilege to Role dialog box. See "Add Privilege to Role Dialog Box" for a description of the Add Privilege to Role dialog box.
Remove Removes the role or privilege selected in the Privileges and Roles scrolling list.

Dropping a Role

If a particular role is no longer needed, you can drop it. To drop a role, select the role to be dropped from the Role object list and choose Drop from the Role menu. The Drop Role alert box appears.

The following figure illustrates the Drop Role alert box.

Figure 4 - 40. Drop Role Alert Box

Granting a Role

To grant a role to a user or role, select the role to be granted from the Role object list and choose Grant Role from the Role menu. The Grant Role dialog box appears.

The following figure illustrates the Grant Role dialog box.

Figure 4 - 41. Grant Role Dialog Box

The Grant Role dialog box is described below:

Users and Roles Scrolling list of users and roles.
Admin Option Allow the grantee to grant the role to other users or roles. If you grant a role with the Admin Option, the user can also alter or drop the role.
Grant Grants the role to the user or role selected in the Users and Roles scrolling list.

Revoking a Role

To revoke a role from a user or role, select the role to be revoked from the Role object list and choose Revoke Role from the Role menu. The Revoke Role dialog box appears.

The following figure illustrates the Revoke Role dialog box.

Figure 4 - 42. Revoke Role Dialog Box

The Revoke Role dialog box is described below:

Users and Roles Scrolling list of users and roles that have been granted the role.
Revoke Revokes the role from the user or role selected in the Users and Roles scrolling list.

Adding a Privilege to or Removing a Privilege from a Role

To add a privilege to a role, select the role from the Role object list and choose Add Privilege to Role from the Role menu. The Add Privilege to Role dialog box appears. For a description of the Add Privilege to Role dialog box, see "Add Privilege to Role Dialog Box"

To remove a privilege from a role, select the role from the Role object list and choose Remove Privilege from Role from the Role menu. The Remove Privilege from Role dialog box appears.

The following figure illustrates the Remove Privilege from Role dialog box.

Figure 4 - 43. Remove Privilege from Role Dialog Box

The Remove Privilege from Role dialog box is described below:

Privileges and Roles Scrolling list of privileges and roles assigned to the role.
Select the role or privilege you wish to revoke from the role.

Role	Name of the role.
Password	Whether or not the role requires a password to be enabled.

Role Name	Name of the role to be created.
Enter the name of the new role.
Password	Method used to enable the role.
	Click No Password to indicate that a user granted the role may enable it without specifying a password.
	Click OS Authenticated to require the operating system or an external security utility to verify the role.
	Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Privileges and Roles	Scrolling list of the roles and privileges to be assigned to the new role.
Add	Displays the Add Privilege to Role dialog box. See "Add Privilege to Role Dialog Box" for a description of the Add Privilege to Role dialog box.
Remove	Removes the role or privilege selected in the Privileges and Roles scrolling list.

Privilege Type: Role	Displays the roles you can grant to the role you are creating or altering.
Defined Roles	Scrolling list of the roles you can grant. These are roles you have created and roles you have been granted with the Admin Option. If you have the GRANT ANY ROLE system privilege, all roles are listed.
	Select the role you wish to grant to the role you are creating or altering.
Admin Option	Allow a grantee to grant the role to other users or roles.

Privilege Type: System	Displays the system privileges you can grant to the role.
System Privileges	Scrolling list of the system privileges you can grant. These are the system privileges you have been granted with the Admin Option. If you have the GRANT ANY PRIVILEGE system privilege, all privileges are listed.
	Select the system privilege you wish to grant to the role.
Admin Option	Allow users assigned this role to grant the system privilege to other users or roles.

Privilege Type: Object	Displays object privileges.
Object Privileges	Scrolling list of all object privileges.
	You can grant an object privilege that you have been granted with the Grant Option. If you are the owner of the object, you can grant all privileges on the object.
	The scrolling list includes the item ALL, which represents all object privileges you can grant for an object.
Object Name	Schema and name of the object on which you are granting privileges.
	Enter the schema and object name, or click Find Object.
Find Object	Displays the Find Schema Object dialog box. See "Find Schema Object Dialog Box" for a description of the Find Schema Object dialog box.

Filters	Types of objects on which you can grant object privileges.
Click the object types you wish to find, then click Filter to find the objects.
Schema	Scrolling list of schemas in your database.
Select a schema from the Schema scrolling list. Server Manager retrieves all the objects in that schema that match the object types you chose in the Filters.
Object	Scrolling list of objects in the selected schema that match the object types you chose in the Filters.
Select the object on which you wish to grant object privileges.
Filter	Retrieves the objects in the selected schema that match the object types you chose in the Filters.

Role Name	Name of the role you wish to alter.
Password	Method used to enable the role.
	Click No Password to indicate that a user granted the role may enable it without specifying a password.
	Click OS Authenticated to require the operating system or an external security utility to verify the role.
	Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Users and Roles	Scrolling list of users and roles.
Admin Option	Allow the grantee to grant the role to other users or roles. If you grant a role with the Admin Option, the user can also alter or drop the role.
Grant	Grants the role to the user or role selected in the Users and Roles scrolling list.

Users and Roles	Scrolling list of users and roles that have been granted the role.
Revoke	Revokes the role from the user or role selected in the Users and Roles scrolling list.

Privileges and Roles	Scrolling list of privileges and roles assigned to the role.
	Select the role or privilege you wish to revoke from the role.