
102
|
Oracle DBA Pocket Guide
This command can only revoke privileges that were previously
granted with the GRANT command. If you revoke a role from a
user who currently has it enabled, the role will remain but that
user will not be allowed to enable it again.
If multiple grantors have given a privilege to a user (or PUBLIC),
all grantors must revoke the privilege before it becomes unavail-
able to the user.
ALL PRIVILEGES
Revokes all existing system privileges for the user or role.
JAVA SOURCE | RESOURCE
Revokes access to Java source code or a Java resource.
CASCADE CONSTRAINTS
Used only when you revoke the REFERENCES privilege or
ALL object privileges. Drops any constraints the revoked user
has defined on the object.
FORCE
Used to revoke the EXECUTE object privilege on objects of
user-defined types, when those objects have table or type
dependencies. Causes all dependent objects to be marked
INVALID, disallows access to data in dependent tables, and
marks all dependent function-based indexes as UNUSABLE.
Roles
Granting individual privileges to individual users can incur a
substantial amount of overhead, especially for enterprise sys-
tems with large numbers of users. Roles are designed to sim-
plify the management of privileges.
Privileges can be granted to roles; users can then be assigned
to roles that give them appropriate privileges. Privilege main-
tenance is performed on roles and affects users with ...