4. Authorizing User Access : Groups and Roles : Roles
Share this page                  
A role is an identifier that can be used to associate permissions with applications.
A role is typically associated with one or more applications to grant permissions to those applications.
For example, a company uses a restricted application that performs certain checks before updating the payroll tables to ensure that these tables are updated correctly. The DBA defines a role, for example update_payroll, and later assigns appropriate permissions for the necessary tables. The application developer associates the role with the application.
Note:  When defining a role, the DBA normally works with the application developer, so that they can agree on what role identifier and password to use for specific applications.
For further security, a role password can be specified. The role password is optional.