Subject RE: [firebird-support] Create SYSDBA power under a different name and then delete SYSDBA
Author Helen Borrie
At 11:16 AM 21/12/2004 +0530, you wrote:

>Hi Goutam
>
>Thanks for responding.
>
>At 08:00 pm 20/12/2004, you wrote:
>
> >Multiple users could belong to a single role.
> >
> >You can assign permissions to role and don't have to individually assign
> >the same permissions to all the users within the role.
> >E.g. You have users x, y, z. You need the users to have the same level of
> >permissions all the time.
> >Create a role p, assign x, y, z to role p. Grant the permission to role
> >p.
>
>Okay so role is a sort of group head. Can a role inherit from a user, i.e.
>the SYSDBA is already created and has its own blanket power. Now
>supposing I create a role P and assign SYSDBA to it, do I have to go about
>giving permission to everything

A role is not a user, or a group of users. It is a package of privileges.
User authentication takes place at server level, roles and privileges apply
at database level. At login, the user logs in with his/her username and
password AND the role. You can't log in with a role on its own.

1. SYSDBA or db_owner creates the role
2. SYSDBA and/or object_owners and/or grantees_with_grant_option assign
privileges to the role.
3. SYSDBA or db_owner assigns the role TO individual users.

In assigning the role TO a user you don't somehow make the role "inherit"
that user's privileges. You make THAT role's privileges available to THAT
user.

It's totally pointless assigning a role to SYSDBA since it already has all
privs to all things in all databases.

./hb
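
The three steps described in the message above, written out as an isql session. This is an added example, not part of the original post: the database path, the table ORDERS and the password placeholders are assumptions, and users X, Y and Z (the names used in the quoted question) are assumed to already exist on the server.

```sql
-- Constructed isql session. Database path, table ORDERS and the passwords
-- are placeholders; users X, Y, Z are assumed to exist at server level.

-- Steps 1 and 2, as SYSDBA (or the database owner): create the role and
-- attach privileges to it. The role is a package of privileges, not a user.
CONNECT 'localhost:/data/demo.fdb' USER 'SYSDBA' PASSWORD '<sysdba-password>';

CREATE ROLE P;
GRANT SELECT, INSERT, UPDATE ON ORDERS TO P;

-- Step 3: make that package available to individual users.
-- This does not copy anything from the users into the role.
GRANT P TO X, Y, Z;
COMMIT;

-- X logs in with username, password AND the role.
-- CURRENT_ROLE reports the role in effect for this connection, and the
-- privileges granted to P apply to the statements X runs.
CONNECT 'localhost:/data/demo.fdb' USER 'X' PASSWORD '<x-password>' ROLE 'P';
SELECT CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM ORDERS;

-- X logs in without naming the role.
-- Being a grantee of P is not enough: no role is in effect, so unless X
-- holds a direct grant on ORDERS, the SELECT is refused.
CONNECT 'localhost:/data/demo.fdb' USER 'X' PASSWORD '<x-password>';
SELECT CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM ORDERS;

-- Withdrawing the package from one user leaves the role and the other
-- grantees untouched.
CONNECT 'localhost:/data/demo.fdb' USER 'SYSDBA' PASSWORD '<sysdba-password>';
REVOKE P FROM Z;
COMMIT;
```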