Enable default roles and non-default roles
After the DBA grants privileges and adds users to a role,
there are two possible ways to enable roles.
- The DBSA can specify a default role for PUBLIC or for individual users by using the GRANT DEFAULT ROLE statement. This role is automatically activated as the initial role setting when the user connects to the database.
- Any role that a user holds can also be activated when the user specifies that role in the SET ROLE statement.
When a role is enabled, all privileges that have been granted to the role become available, and all privileges explicitly granted to you or to PUBLIC.
Assigning privileges to a role, and then granting that role as the default role to specified users is convenient for sessions in which those users run an application that requires a specific set of access privileges. Use default roles when it is impractical to recompile an application to include GRANT and SET ROLE statements that specifically assign to users the necessary access privileges.