In one of your databases:

1.USER1 and USER2 have no system privileges.

2.ROLE1 only has these privileges:

?CREATE SESSION

?CREATE TABLE

?CREATE VIEW

Examine these commands:

SQL> conn / as sysdba

Connected.

SQL> GRANT create table, role1 TO user1 WITH ADMIN OPTION;

Grant succeeded.

SQL> conn user1/oracle_4U

Connected.

SQL> GRANT role1 TO user2;

Grant succeeded.

Which command would you execute and as which user, to revoke the create table privilege from USER2?

A)REVOKE CREATE TABLE FROM user2 as SYS

B)REVOKE CREATE TABLE FROM role1 as SYS

C)REVOKE CREATE TABLE FROM role1 as USER1

D)REVOKE CREATE TABLE FROM user1 as SYS

Answer: B

只有 sys 用户才能够从 role 中 revoke 权限，而 user1 只能把 role 授权给其它用户，或者从其它用户回收 role。