To manage the db, by default oracle installer would introduce some users, depending on the flavor of oracle db, like sys, sysdba, system, sysman, DBSNP; these users accounts would have DBA admin privileges.

The terms Oracle Users, database user, Oracle account and Oracle owner are synonymous.

As required DBA would would perform the following tasks:

• Server Hardware and Software
• Create, Open and maintenances of DB
• Backing up DB
• System Operation and securities, password managements .
• Allocating users privileges, assigning roles to the users and table spaces ( hardware spaces)
• Patching and tuning up the DB
• Up-scaling or moving to new versions etc.

• DBA : Admin roles,
  • Creating users and granting privileges to the users
  • Creating roles and grating to the users
  • managing schema objects
  • does not have the privileges to start and shut down the DB
  • Users like SYS, SYSTEM by default granted to open and close DB
  • SYS has SYSDBA privilege, and performs backup and recovery of the db
    • SYSDSBA : has full admin power.
    • SYSOPER :  can perform all operation, but can't access the users data.
  • SYSTEM can perform all SYS's operations except backing up or revering db.  
• Resources: Authorizes an user to create, modify and delete certain schema as an owner of the object. It is endowed with CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPE.
• Connect : It is a basic role created when an admin creates an user, allowing the user to access the DB, but can't modify or create schema, unless the user acquirers "RESOURCE" privilege from the admins. ( please review this article " Oracle_Privileges1.htm").

• System privileges : There were 46 distinct system privileges listed in Oracle 11.2g documents, (System_Privileges.htm). Users with ANY key word can't access dictionary objects. FYI, Oracle version 6 had only three (CONNECT, RESOURCE, DBA) PRIVILEGES.
  • The user who can grant or revoke system privileges. "Only the instance administrator or a user with ADMIN privilege can grant or revoke system privileges" (Oracle 11.2 release quotes").
    • users with "ADMIN OPTION"
    • user with "GRANT ANY PRIVILEGE"
    • users with "GRANT ANY OBJECT PRIVILEGE"
• Object privileges : The operations, DELETE, EXECUTE, FLUSH, INDEX, INSERT, LOAD , REFERENCES , REFRESH , SELECT ,
  UNLOAD , UPDATE, are all object privileges.

Users with explicit object privileges and the SYSDBA can access dictionary objects.

Below is the properties of the user sys : Roles, and System Privileges

The user "Scott" has fewer roles but has system privileges

DBA :

• Small or Large!!
  • Small : the security administrator may be the only user with the privileges required to create, alter, or drop database users. 
  • Large: may be a number of administrators with privileges to manage database users.
•  User Authentication: Database users can be authenticated (verified as the correct person) by Oracle using the host operating system, network services, or the database.
• OS security: admin should have privileges to create or delete files
• Data Security (preferences) : eg. May use select or insert but not allowed to use Delete statement.

Must have an unique name.

You can create a role using either the SQL command CREATE ROLE, or the Create Role property sheet of Enterprise Manager.

The user like "security administrator" has the CREATE ROLE system privilege to create a role.

Granting Object Privileges :
    GRANT select, insert, delete ON emp TO jfee, tsmith;
INSERT Privileges:
     GRANT insert(ename, job) ON emp TO jfee, tsmith;
Granting ALL object privileges:
    GRANT ALL ON salary TO jfee;
Granting INSERT privileges: to a column
   GRANT INSERT (acct_no)ON accounts TO scott;