Click apply save your changes and exit the dialog box

994 Part V ✦ Managing Oracle Security

If you do not want Oracle to enable all roles that a user has been granted, you must use the ALTER USER command to disable any roles that you do not want the user to have when they connect to the instance. You can then programmatically enable the roles or have the user issue the SET ROLE command to enable those roles that you disabled by default.

If you grant the user a role that requires a password, if you make that role a default role, the user will not be required to enter a password in order to make use of the privileges granted to the role. In essence, making a role that has a password a default role for the user bypasses the password requirement. In this way some users may have the role and its privileges when they connect, by default, while other users will be required to enable the role manually and specify a password in order to access the privileges granted the role.

For example, if you grant the user MarkS the StudentAdmin, QueryUser and CONNECT roles, but do not want the StudentAdmin role to be enabled when the user connects, you can issue the following commands:

SQL> GRANT CONNECT, QueryUser, StudentAdmin TO MarkS;

Establishing Default Roles for a User With Oracle Enterprise Manager
You can also configure a user’s default role with Oracle Enterprise Manager using the following steps:

STEP BY STEP: Configuring Default Roles for a User with Oracle Enterprise Manager

5. In the list of roles granted to the user, click on the Default column for the role to make it the default (that is, display a check mark) or not make it the default (that is, display a red X), as shown in Figure 19-8.

6. When you have made your selection, click Apply to save your changes and OK to exit the dialog box.