Christian,

> As a chosen combination of already granted roles isn't of relevance
> regarding security, why not allow the user to define the needed
> selection her-/himself, e.g. by transferring a comma-separated list of
> roles, or - for convenience - alternatively an asterisk, if an
> inclusion of them all for the least restricted db access is desired.

Wouldn't this allow the user to 'promote' himself to SYSDBA and do
anything he wanted?

> This could protect admins from the necessity of predefining myriads of
> role supersets.

Isn't that what's admin are supposed to do?

Define the restrictions which apply to users.


Sean