Object Privileges  «Prev 

PUBLIC privileges

Your Oracle database comes with a special user group called PUBLIC already defined. The PUBLIC user group includes all users for the database. Any privilege that you grant to PUBLIC will be automatically granted to every database user, so you should be very careful when assigning privileges to this user group.

Format for the grant Command

Here is the general format for the grant command for system privileges
grant {system privilege | role | all [privileges] }
[, {system privilege | role | all [privileges] } ...]
to {user | role} [, {user | role}...] 
[identified by password ]
[with admin option]

You can grant any system privilege or role to another user, to another role, or to public. The with admin option clause permits the grantee to bestow the privilege or role on other users or roles. The all clause grants the user or role all privileges except the SELECT ANY DICTIONARY system privilege. The grantor can revoke a role from a user as well.

Revoking Privileges

Privileges granted can be taken away. The revoke command is similar to the grant command:

revoke {system privilege | role | all [privileges] }
[, {system privilege | role | all [privileges] }. . .]
from {user | role} [, {user | role}]. . .

DBA Role

An individual with the DBA Role can revoke CONNECT, RESOURCE, DBA, or any other privilege or role from anyone, including another DBA. This, of course, is dangerous, and is why DBA privileges should be given neither lightly nor to more than a tiny minority who really need them.
Note: Revoking everything from a given user does not eliminate that user from Oracle, nor does it destroy any tables that user had created; it simply prohibits the access of the user to them. Other users with access to the tables will still have exactly the same access they have always had.