Monday, July 25, 2011

SELECT_CATALOG_ROLE

Arup Nanda is another of those people with whom one risks linking to every single blog article. In his current post he shows the differences between the SELECT_CATALOG_ROLE (which I like to have granted to me) and the system privilege SELECT ANY DICTIONARY. And rather than trying to summarize the content myself, I will simply copy his concise summary:
[...] what is the difference between two seemingly similar privileges - SELECT ANY DICTIONARY and SELECT_CATALOG_ROLE. The former is a system privilege, which remains active throughout the sessions and allows the user to create stored objects on objects on which it has privileges as a result of the grant. The latter is not a system grant; it's a role which does not allow the grantee to build stored objects on the granted objects. The role can also be non-default which means the grantee must execute a set role or equivalent command to enable it. The role can also be password protected, if desired.

The core message you should get from this is that roles are different from privileges. Privileges allow you to build stored objects such as procedures on the objects on which the privilege is based. Roles do not.
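
The difference described in the quote can be reproduced in a test database. The following SQL*Plus script is an added example, not code from this post or from Arup Nanda's article; the accounts DEMO_ROLE and DEMO_PRIV, their password and the procedure name COUNT_USERS are hypothetical.

```sql
-- Constructed demo for SQL*Plus; run as a DBA in a non-CDB or a PDB of a test database.
-- DEMO_ROLE, DEMO_PRIV, the password and COUNT_USERS are hypothetical names.
CREATE USER demo_role IDENTIFIED BY "Change_me_1";
CREATE USER demo_priv IDENTIFIED BY "Change_me_1";
GRANT CREATE SESSION, CREATE PROCEDURE TO demo_role, demo_priv;
GRANT SELECT_CATALOG_ROLE   TO demo_role;  -- role
GRANT SELECT ANY DICTIONARY TO demo_priv;  -- system privilege

CONNECT demo_role/"Change_me_1"
-- The role is enabled by default, so an ad hoc dictionary query works.
SELECT COUNT(*) FROM dba_users;

-- Roles are not active while a definer's-rights procedure is compiled,
-- so DBA_USERS is not visible here and the procedure ends up INVALID.
CREATE OR REPLACE PROCEDURE count_users AS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM dba_users;
END;
/
SHOW ERRORS
SELECT object_name, status FROM user_objects WHERE object_name = 'COUNT_USERS';

-- A role can be switched off for the session; a non-default role starts
-- in this state. The query fails until the role is enabled again.
SET ROLE NONE;
SELECT COUNT(*) FROM dba_users;
SET ROLE SELECT_CATALOG_ROLE;
SELECT COUNT(*) FROM dba_users;

CONNECT demo_priv/"Change_me_1"
-- The system privilege is held directly, so the same procedure compiles.
CREATE OR REPLACE PROCEDURE count_users AS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM dba_users;
END;
/
SELECT object_name, status FROM user_objects WHERE object_name = 'COUNT_USERS';

-- Review: which grantees hold the system privilege, and which only the role?
SELECT grantee, privilege AS granted, 'system privilege' AS kind
  FROM dba_sys_privs  WHERE privilege = 'SELECT ANY DICTIONARY'
UNION ALL
SELECT grantee, granted_role, 'role'
  FROM dba_role_privs WHERE granted_role = 'SELECT_CATALOG_ROLE'
ORDER BY 1;

-- Cleanup (as the DBA): DROP USER demo_role CASCADE; DROP USER demo_priv CASCADE;
```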
