Manipulate user privileges and grant roles to other roles
As DBA, you can use the GRANT statement to grant role privileges to users. You can also give a user the option to grant privileges to other users. Use the WITH GRANT OPTION clause of the GRANT statement to do this.
GRANT rol1 TO usr1 WITH GRANT OPTION;The WITH GRANT OPTION clause is valid only for roles (and for access privileges) that you grant to users. The database server issues an error if you include the WITH GRANT OPTION keywords when the TO clause specifies a role, or when it specifies the PUBLIC group.
When you grant role privileges, you can substitute a role name for the user name in the GRANT statement. You can grant a role to another role. For example, say that role A is granted to role B. When a user enables role B, the user gets privileges from both role A and role B.
However, a cycle of role granting cannot be transitive. If role A is granted role B, and role B is granted role C, then granting C to A returns an error.
If you must change privileges, use the REVOKE statement to delete the existing privileges and then use the GRANT statement to add the new privileges.