6-21. Secure Roles

It is possible to:

• Make a role nondefault: when the role is granted to a user, deselect the DEFAULT check box. The user must now explicitly enable the role before the role's privileges can be exercised. This is done by issuing SET ROLE ; command
• Have a role require addtional authentication: they can be password, external or global
• Create secure application roles that can be enabled only by executing a PL_SQL procedure successfully: The PL/SQL procedure can check things such as the user's network address, which program the user is running, time of day, or other elements needed to proerly secure a group of permissions. See http://www.dba-oracle.com/t_get_ip_address_utl_inaddr_sys_context.htm