You can use Oracle Enterprise Manager Database Express (EM Express) to create a role called APPDEV
for application developers in a pluggable database (PDB). Because application developers must be able to create, modify, and delete the schema objects that their applications use, you want the APPDEV
role to include the system privileges shown in Table 7-2.
Table 7-2 System Privileges Granted to the APPDEV Role
Privilege | Description |
---|---|
|
Enables a user to create, modify, and delete tables in his schema. |
|
Enables a user to create, modify, and delete views in his schema. |
|
Enables a user to create, modify, and delete procedures in his schema. |
|
Enables a user to create, modify, and delete triggers in his schema. |
|
Enables a user to create, modify, and delete sequences in his schema. |
|
Enables a user to create, modify, and delete synonyms in his schema. |
Note:
If you create an APPDEV
role for application developers at your company, you should follow the principle of least privilege, in which you grant to your application developers only the privileges needed to perform their job function, and no more. Therefore, the set of privileges that you grant to the APPDEV
role for your company may be different than the system privileges that are granted to the APPDEV
role in Table 7-2.
To create the APPDEV role:
In EM Express, go to the Roles page, as described in "Viewing Roles".
Click Create Role.
The Create Role wizard appears, with the New Role page showing.
In the Role Name field, enter APPDEV
.
Click the right arrow.
The Privilege page appears.
The available system privileges and roles table on the left shows the available system privileges that can be assigned to the role. Roles are identified by a check mark in the Is Role column. The selected system privileges and roles table on the right shows the system privileges and roles that are currently selected for the role. Select one or more system privileges or roles in either table, and then click the appropriate arrow button to move those privileges to the other table.
Move the CREATE TABLE
, CREATE VIEW
, CREATE PROCEDURE
, CREATE TRIGGER
, CREATE SEQUENCE
, and CREATE SYNONYM
system privileges to the selected system privileges and roles table for the APPDEV
role that is being created.
In the selected system privileges and roles table, enable the WITH ADMIN option for a system privilege or role if you want users who will be granted the APPDEV
role you are defining to be able to grant the system privilege or role in the selected system privileges and roles table to other users.
Click OK.
The APPDEV
role now appears in the table of database roles on the Roles page.