The primary method for authenticating users is the logon/password pair. No user
can access anything in an Oracle database without first logging on. Occasionally you may want to add an additional level of security to a particular role.
You can add authorization to a role by adding the keyword IDENTIFIED to the basic CREATE ROLE statement. There are three ways to do this:
You can require a password for access, using the keyword BY and the password, as in the command:
CREATE ROLE BIDDER IDENTIFIED
Using this method assigns a single password to the role, and when a user attempts to assign the role using the
command, they will have to supply a password.
The operating system can authorize use of the role, if you use the EXTERNAL keyword. To do this, you must also create roles whose names match the roles defined in the operating system, and you can only enable roles that are associated with the user by the operating system.
You can use the Oracle Security Service to authorize use of the role, by using the GLOBALLY keyword.
The next lesson is about granting users the ability to administer roles.