connect角色只包含一个权限:
SYS@PROD> select * from role_sys_privs where role='CONNECT';
ROLE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
CONNECT CREATE SESSION NO
resource角色包含的权限:
SYS@PROD> select * from role_sys_privs where role='RESOURCE';
ROLE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
RESOURCE CREATE TRIGGER NO
RESOURCE CREATE SEQUENCE NO
RESOURCE CREATE TYPE NO
RESOURCE CREATE PROCEDURE NO
RESOURCE CREATE CLUSTER NO
RESOURCE CREATE OPERATOR NO
RESOURCE CREATE INDEXTYPE NO
RESOURCE CREATE TABLE NO
但实际上resource角色不仅包含了这些Create权限,也包含了对应的select、update、delete、drop权限。
SYS@PROD> grant resource to t;
Grant succeeded.
SYS@PROD> conn t/t
Connected.
T@PROD> create table t(id number);
Table created.
T@PROD> insert into t values(1);
1 row created.
T@PROD> commit;
Commit complete.
T@PROD> select * from t;
ID
----------
1
T@PROD> delete from t;
1 row deleted.
T@PROD> rollback;
Rollback complete.
T@PROD> update t set id =2;
1 row updated.
T@PROD> commit;
Commit complete.
T@PROD> select * from t;
ID
----------
2
T@PROD> drop table t;
Table dropped.