BY password The BY password clause lets you create a local role and indicates that the user must specify the password to the database when enabling the role. The password can contain only single-byte characters from your database character set regardless of whether this character set also contains multibyte characters.
USING package The USING package clause lets you create an application role, which is a role that can be enabled only by applications using an authorized package. If you do not specify schema, then the database assumes the package is in your own schema.
Caution:
When you grant a role to a user, the role is granted as a default role for that user and is therefore enabled immediately upon logon. To retain the security benefits of an application role, you must ensure that the role is not a default role. Immediately after granting the application role to a user, issue an ALTER USER statement with the DEFAULT ROLE ALL EXCEPT role clause, specifying the application role. Doing so will enforce the rule that, in subsequent logons by the user, the role will not be enabled except by applications using the authorized package. See Also:
Oracle Database Security Guide for information on creating a secure application role EXTERNALLY Specify EXTERNALLY to create an external role. An external user must be authorized by an external service, such as an operating system or third-party service, before enabling the role.
Depending on the operating system, the user may have to specify a password to the operating system before the role is enabled.
GLOBALLY Specify GLOBALLY to create a global role. A global user must be authorized to use the role by the enterprise directory service before the role is enabled at login.
|