Lesson 2	What is a role?
Objective	Understand how database roles are used

How Database Roles are used

A role ^[1] is a way to group a series of security privileges^[2] into a single entity. You can then use the role as a management tool for assigning and changing security privileges for individual users that are assigned the role. A role is an intermediary between individual object grants and individual users. You assign a set of privileges to a role, and then assign users to that role.

Advantages of roles

You can use roles to simplify security administration and implementation in four ways:

Simplified granting of privileges:	By grouping privileges into a role, you reduce the amount of effort needed to grant multiple privileges.
Simplified management of privileges:	To change the object privileges for a group of users assigned to a role, you can change the privileges for the role instead of the privilegesfor each individual user
Dynamically changing security privileges:	A user can assume more than one role, and can change roles while connected to the database. You can enable and disable roles as an administrator.
Application roles:	You can create application roles, which allow all users of an application to have the same privileges while using the application.

The following SlideShow illustrates how roles work.

There are 2 roles with 2 different set of privileges for the COIN table, the VIEW_COIN role, which only has SELECT privileges, and the ADD_COIN role, which can also INSERT and UPDATE rows
User1 is initially assigned the VIEW_COIN role
With this role, User1 can select data from the COIN table
As long as User1 is only assigned the VIEW_COIN role, he or she cannot insert data into the table
The same INSERT statement works fine when User 1 is assigned the ADD_COIN role

Using DBA Security granted By Roles Runtime
The next lesson shows how to create a role.

[1]Role: A collection of privileges that can be assigned together.

[2]Privilege: The capability to perform some type of database action.