User Privil eges and Roles

When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, and to create schema objects. There are two main types of user privileges:

System privileges—A sys tem privilege is the right to perform a particular action, or to perform an action on any schema objects of a particular type. For example, the privileges to create tables and to delete the rows of any table in a database are system privileges.
Object privileges—An obje ct privilege is a right to perform a particular action on a specific schema object. Different object privileges are available for different types of schema objects. The privilege to delete rows from the DEPARTMENTS table is an example of an object privilege.

Mana ging and controlling privileges is made easier by using roles, which are named groups of related privileges. You create roles, grant system and object privileges to the roles, and then grant roles to users. Unlike schema objects, roles are not contained in any schema.

Table: Oracle Database Express Edition Predefined Roles lists three roles that are predefined in Oracle Database XE. You can grant these roles when you create a user with the Oracle Database XE graphical user interface.

Oracle Database Express Edition Predefined Roles

Role Name	Description
`CONNECT`	Enables a user to connect to the database. Grant this role to any user or application that needs database access.
`RESOURCE`	Enables a user to create certain types of schema objects in his own schema. Grant this role only to developers and to other users that must create schema objects. This role grants a subset of the create object system privileges. For example, it grants the `CREATE` `TABLE` system privilege, but does not grant the `CREATE` `VIEW` system privilege. It grants only the following privileges: `CREATE` `CLUSTER`, `CREATE` `INDEXTYPE`, `CREATE` `OPERATOR`, `CREATE` `PROCEDURE`, `CREATE` `SEQUENCE`, `CREATE` `TABLE`, `CREATE` `TRIGGER`, `CREATE` `TYPE`
`DBA`	Enables a user to perform most administrative functions, including creating users and granting privileges; creating and granting roles; creating and dropping schema objects in other users' schemas; and more. It grants all system privileges, but does not include the privileges to start up or shut down the database. It is by default granted to user `SYSTEM`.

User Privileges and Roles

User Privil eges and Roles