Unanswered: Nesting roles within roles - is it worthy ?
Can the Oracle DBA community comment of the practice of nesting one or more roles within another role. Said another way, the concept of creating "super-group" role and assigning "sub-group" roles beneath them.
Is this concidered to be good or bad practice ?
Would you consider this easy to maintain, and report on, would you concider this be effective for security and administration of security policies ?
Are there fundimental reasons you should not nest roles within Oracle 8i, 9i or 10i ?
Does anyone have war stories about this practice that they would kike to share ? Both good or bad, I'm tryign to be impartial.
Why am I asking this question ?
I've been told by my current chief to implement nested roles. He comes from an LDAP and OO nesting and inheritance background and thinks that this is a great way to manage our security policy. I'm not so enthusiastic. I find that a single flat level for granting roles to users works perfectly fine, yes more roles grants are necessary but that's what scripts are for.
So I'm throwing this out to the community for your opinion.