O'Reilly logo
  • francis shey thinks this is interesting:

Understanding role-based security

When our task is limited to granting permissions to a select few users, what we've learned this far using GRANT and REVOKE would likely suffice. However, a real-world security approach may require us to manage the grants of thousands of users for hundreds of database objects. Were we to use individual grants for each of these users, mistakes would likely be made. Certain users would not have the necessary permissions and, worse still, users may be granted higher access than they require. We need a way to ease this burden and make ma...