Develop Reference

Grant privileges on Roles but user cannot be granted

I have grant Roles for users and grant some privs on Roles:
--Grant roles for users
GRANT DataEntry TO John, Joe, Lynn;
GRANT Supervisor TO Fred;
GRANT Management TO Amy, Beth;
--Grant on table to roles
GRANT SELECT, INSERT, UPDATE ON Attendance TO DataEntry;
GRANT SELECT, DELETE ON Attendance TO Supervisor;
GRANT SELECT ON Attendance TO Management;
However, when I query to dba_sys_privs table and select on John user, for example, I do not have privs which DataEntry role have? What happened with that problem?

John has been granted the role, not the privileges of the role directly. John will be able to take advantage of those privileges through the role. This means that if you were to revoke the role from the user, Oracle wouldn't need to go back and figure out which privileges were obtained through the role and revoke those too - this would be a challenge as a user might be granted multiple roles that provide the say privilege. It is much more efficient for Oracle to check if a user has access to a necessary privilege at parse time (which doesn't happen often).
If you want to see all the table privileges a user is able to use then you would need to look at both dba_tab_privs and dba_role_privs. Remember that a role can be granted another role so you would need to do a recursive query to identify all of those too:
with grantees (schema) as
(Select username schema
from dba_users
where username = 'JOHN'
union all
select rp.granted_role
from grantees g
join dba_role_privs rp
on g.schema = rp.grantee
)
select *
from dba_tab_privs sp
where sp.grantee in (select g.schema from grantees g)

How to grant privileges to one user to access other users in Oracle?

There are 3 schemas: DEMO1, DEMO2, DEMO3
I want to grant DEMO1 permissions to perform all the operations on DEMO2 and not DEMO3.
ALL Operations means: Select, Update, Insert, Delete
How can I grant the privileges for that in Oracle SQL Developer?

You can't really do that. With many DDL privileges - as astentx pointed out - you either are constrained to what you own, or you can affect ANY table in the system, not just one other user. There's no middle ground unless you're also working with add-on enterprise products like Database Vault. If you're talking about DML (insert, update, delete of data), then grant the specific table privileges to a role and grant the role to DEMO1.
create role demo2_dml;
grant insert, update, delete on demo2.table_a to demo2_dml;
grant insert, update, delete on demo2.table_b to demo2_dml;
...
grant role demo2_dml to demo1;
alter user demo1 default role all;
Alternatively, if you must have DDL privileges as well, you could give DEMO1 proxy privileges to become DEMO2 and assume all of its privileges on its objects.
alter user demo2 grant connect through demo1;
Then connect using demo1[demo2] as the username, with demo1's password:
connect demo1[demo2]/demo1password#database_service
demo1 then becomes demo2 (without needing to know demo2's password) and can do anything demo2 would be able to do. demo1 would not have access to its own objects while doing this, however.

What Oracle dictionary table contains table privilege information?

For example, when I go to a table's properties in sql developer, I can see what are the users (owners) have been granted the access to this table.
If I want to use a query to find all these information for a group of tables and see what users have the access to them, which Oracle data dictionary table can I use?

That would be DBA_TAB_PRIVS for all objects or USER_TAB_PRIVS for the objects the current user is the owner, grantor, or grantee of.

A good thing with the dictionary is that you can select from it, literally. For example (which is kind of unreadable because I set columns to fit the screen; GUI is better for that):
SQL> select table_name, comments
2 from dictionary
3 where lower(comments) like '%grant%';
TABLE_NAME COMMENTS
-------------------- ------------------------------------------------------------
ALL_COL_PRIVS Grants on columns for which the user is the grantor, grantee
, owner,
or an enabled role or PUBLIC is the grantee
ALL_COL_PRIVS_MADE Grants on columns for which the user is owner or grantor
ALL_COL_PRIVS_RECD Grants on columns for which the user, PUBLIC or enabled role
is the grantee
ALL_TAB_PRIVS Grants on objects for which the user is the grantor, grantee
, owner,
or an enabled role or PUBLIC is the grantee
ALL_TAB_PRIVS_MADE User's grants and grants on user's objects
ALL_TAB_PRIVS_RECD Grants on objects for which the user, PUBLIC or enabled role
is the grantee
USER_AUDIT_STATEMENT Audit trail records concerning grant, revoke, audit, noaudi
t and alter system
USER_COL_PRIVS Grants on columns for which the user is the owner, grantor o
r grantee
USER_COL_PRIVS_MADE All grants on columns of objects owned by the user
USER_COL_PRIVS_RECD Grants on columns for which the user is the grantee
USER_ROLE_PRIVS Roles granted to current user
USER_SYS_PRIVS System privileges granted to current user
USER_TAB_PRIVS Grants on objects for which the user is the owner, grantor o
r grantee
USER_TAB_PRIVS_MADE All grants on objects owned by the user
USER_TAB_PRIVS_RECD Grants on objects for which the user is the grantee
COLUMN_PRIVILEGES Grants on columns for which the user is the grantor, grantee
, owner, or
an enabled role or PUBLIC is the grantee
ROLE_ROLE_PRIVS Roles which are granted to roles
ROLE_SYS_PRIVS System privileges granted to roles
ROLE_TAB_PRIVS Table privileges granted to roles
TABLE_PRIVILEGES Grants on objects for which the user is the grantor, grantee
, owner,
or an enabled role or PUBLIC is the grantee
20 rows selected.
SQL>

Oracle19c -Create Role User Under the Tablespace

Hello How I can Create Roles with
ReadOnly(Select any Tables under the tablespace)
And
InsertUpdateRoleOnly(To insert and update Data ,not delete)
Under My tablespace with local access this users?

Tables are owned by someone. The owner grants privileges to other users or to roles; in your case, it'll be a role. As the role doesn't depend on a tablespace (you mentioned), you'd create it as simple as
create role r_read_only;
Then, the owner would grant SELECT privilege on its tables to that role, e.g.
grant select on emp to r_read_only;
grant select on dept to r_read_only;
Such a role would be granted to other users, e.g.
grant r_read_only to littlefoot;
and user littlefoot will be able to select from those tables.
The same goes for your another role, no difference:
create role r_upd_ins;
grant insert, update on emp to r_upd_ins;
grant r_upd_ins to bigfoot;

Privileges cannot be granted at the tablespace level. You must grant privileges to specific tables. e.g:
create role read_data_role;
grant select on [owner].[table_name] to read_data_role;
create role update_data_role;
grant insert, update on [owner].[table_name] to update_data_role;
grant read_data_role, update_data_role to [username];

How can I enumerate the list of privileges granted to an Oracle role?

I have a homegrown Oracle role that was created long ago:
create role MyRole;
It's been granted the ability to select, insert, update, and delete from some tables and views.
grant select on sometable to MyRole;
grant insert on sometable to MyRole;
grant select on someothertable to MyRole;
-- etc.
How can I now enumerate the specific list of privileges that were granted to the role? I am interested in discovering the specific tables and the rights this role has with respect to each table. How can I recover this information?

You can simply search from data dictionary ROLE_TAB_PRIVS. And do like this
SELECT * FROM ROLE_TAB_PRIVS WHERE ROLE = 'MyRole';

this works well:
SELECT DBA_TAB_PRIVS.GRANTEE, TABLE_NAME, PRIVILEGE,DBA_ROLE_PRIVS.GRANTEE
FROM DBA_TAB_PRIVS, DBA_ROLE_PRIVS
WHERE DBA_TAB_PRIVS.GRANTEE = DBA_ROLE_PRIVS.GRANTED_ROLE
AND DBA_TAB_PRIVS.GRANTEE='<ENTER GROUP ROLE HERE>'
AND DBA_ROLE_PRIVS.GRANTEE = '<ENTER ROLE HERE>'
ORDER BY DBA_ROLE_PRIVS.GRANTEE