Granting and Revoking Access Rights
Once you have entered or changed authorization definitions in the repository, the corresponding grants need to be updated in the database server. You can either have the Authorizer send these updates directly to the database, or put them in a script file. If you choose the second possibility, you must process the file by means of your RDBMS vendor's middleware.
The rights that you define in the repository are checked by USoft Developer's conceptual processor from the moment they are saved. End-users of USoft applications, therefore, can never bypass these security measures. However, if you do not generate these rights in the database server, it would be possible for them to access the database directly by means of the RDBMS vendor's middleware.
When generating scripts, the database is checked to see if certain roles already exist. If so, they are not generated. This means that a generated script can only be run once.
To be able to Update the Application Rights on Oracle, you need the CREATE ROLE and DROP ANY ROLE privileges
Always remember that there is more than one way to obtain the same result. From situation to situation, take the approach that involves the least typing: