it will be great if Oracle can provide the capability to suppress a certain privilege within a database built-in role. For example, if a database account has been granted the DBA role....i would like revoke/deny from it the capability of create any user privilege.
SQL> grant DBA to user1;
SQL> revoke/deny create any user from user1;
so user1 will have all privileges granted under DBA role except "creating any user".