Granting privileges to a role

You can grant privileges to a role by using the GRANT statement. You can associate primary authorization IDs with a role in the definition of the trusted context and then use the GRANT statement with the ROLE option to grant privileges to the role.

About this task

You can improve access control by granting privileges to roles. When you grant certain privileges to a role, you make those privileges available to all users that are associated with the role in the specific trusted context.

You can also simplify the administration of granting privileges by using roles rather than individual authorization IDs. To make a role a grantor, you need to specify the ROLE AS OBJECT OWNER clause when you define the trusted context. For a static GRANT statement, the grantor is the role that owns the plan or package. For a dynamic GRANT statement, the role for the primary authorization ID that executes the GRANT statement becomes the grantor.