community.borland.com

Article #25612: What is the goal to have one user in more than one ROLE?

Problem:
What is the goal to have one user in more than one ROLE?

Solution:
This provides the user with some added flexibility without the need for
the db admin to grant/revoke additional privileges.  A user can specify
a different role everytime he/she connects to the database.  This would
allow them to change their db privileges for different operations.

For example, maybe there is a user that is a member of one role, lets
call it EVERYDAY in which he/she only has rights to a subset of tables
in the database.  This user may be responsible for running end of month
reports which require access to all tables in the database.  The dba
could have a MONTHLY role setup with access to all tables, thus,
allowing the user to run the monthly reports.  This user can login each
day with the EVERYDAY role and do his/her normal work.  At end of month
the same user can login specifying the MONTHLY role and run the monthly
reports.  The user can assume 2 different sets of privileges and the dba
doesn't have to do anything each month as far as grant/revoking
privileges.

This is a contrived example, but hopefully you get the point.

Last Modified: 26-OCT-00