Role-based access control and direct user permissions form the security policies that determine which users can access particular database groups and the actions that the users can perform. Database groups inherit security policies from their organizations.

Organization administrators define the security policies for their organization, including user roles, permissions, and privileges.

For example, an organization administrator creates a user role with permissions on database groups. These permissions include create database, take database snapshots, and start or stop database. Those roles and their associated permissions apply to each database group within the organization, and to each database within each database group.

Managing Users and Roles discusses the Data Director security model and explains how you can use roles for fine-grained permission management.