Summary: in this tutorial, you will learn how to use the Oracle DROP ROLE
statement to remove a role from the database.
Oracle DROP ROLE
statement overview
The DROP ROLE
statement allows you to remove a role from the database. Here is the syntax of the DROP ROLE
statement:
DROP ROLE role_name;
In this syntax, you specify the name of the role that you want to drop after the DROP ROLE
keywords.
When you drop a role, Oracle revokes it from all users and roles that have been previously granted. In addition, Oracle deletes the role from the database.
To drop a role, you must have the DROP ANY ROLE
system privilege or have been granted the role with the ADMIN OPTION
.
Oracle DROP ROLE
examples
Let’s take some examples of using the DROP ROLE
statement
1) Oracle DROP ROLE
statement basic example
First, log in to the Oracle Database using the ot
account.
Enter user-name: ot@pdborcl as sysdba Enter password: <ot_password>
Next, create a new role called developer
:
CREATE ROLE developer;
Then, very if the role has been created successfully:
SELECT * from dba_roles
WHERE role = 'DEVELOPER';
After that, drop the developer role:
DROP ROLE developer;
Finally, check if the role has been dropped:
SELECT * from dba_roles
WHERE role = 'DEVELOPER';
Oracle issued the following message indicating that the role developer has been removed successfully:
no rows selected
2) Oracle DROP ROLE
statement basic example
First, log in as ot
user:
Enter user-name: ot@pdborcl as sysdba Enter password: <ot_password>
Second, create a new role called auditor
and grant the SELECT
object privilege on the orders
table in the sample database:
CREATE ROLE auditor;
GRANT SELECT ON orders TO auditor;
Third, create a new user named audi
, grant the CREATE SESSION
system privilege and the auditor
role to audi
:
CREATE USER audi IDENTIFIED BY Abcd1234;
GRANT CREATE SESSION TO auditor;
GRANT auditor TO audi;
Fourth, log in to the Oracle database as the audi
user in the second session and issue the following command:
SELECT COUNT(*) FROM ot.orders;
Here is the output:
COUNT(*)
----------
105
Query role of the audi
user:
SELECT * FROM session_roles;
Here is the role of the user audi
:
ROLE
------
AUDITOR
Fifth, go back to the first session and drop the role auditor
:
DROP ROLE auditor;
Sixth, go to the second session and check the roles of the user audi
and issues the following SELECT
statement:
SELECT * FROM session_roles;
The following shows the output:
no rows selected
It means that the audit
role has been revoked from the user audi
.
Seventh, from the audi’s session, try to execute the following query to verify if the role has been revoked completely:
SELECT * FROM ot.orders;
Oracle issued this output:
no rows selected
Now user audi
couldn’t query data from the ot.orders
anymore.
In this tutorial, you have learned how to use Oracle DROP ROLE
statement to delete a role from the database.