Page 574
Table 23.1 ContinuedPrivilege | Actions Allowed |
PUBLIC DATABASE LINK | |
CREATE PUBLIC DATABASE LINK | Create public database links. |
DROP PUBLIC DATABASE LINK | Drop public database links. |
PUBLIC SYNONYM | |
CREATE PUBLIC SYNONYM | Create public synonyms. |
DROP PUBLIC SYNONYM | Drop public synonyms. |
ROLE | |
CREATE ROLE | Create roles. |
ALTER ANY ROLE | Alter any role in the database. |
DROP ANY ROLE | Drop any role in the database. |
GRANT ANY ROLE | Grant any role in the database. |
ROLLBACK SEGMENT | |
CREATE ROLLBACK SEGMENT | Create rollback segments. |
ALTER ROLLBACK SEGMENT | Alter rollback segments. |
DROP ROLLBACK SEGMENT | Drop rollback segments. |
SESSION | |
CREATE SESSION | Connect to the database. |
ALTER SESSION | Issue ALTER SESSION statements. |
RESTRICTED SESSION | Connect when the database has been started using STARTUP RESTRICT. (The OSOPER and OSDBA roles contain this privilege.) |
SEQUENCE | |
CREATE SEQUENCE | Create a sequence in own schema. |
CREATE ANY SEQUENCE | Create any sequence in any schema. |
ALTER ANY SEQUENCE | Alter any sequence in any schema. |
DROP ANY SEQUENCE | Drop any sequence in any schema. |
SELECT ANY SEQUENCE | Reference any sequence in any schema. |
Page 575
Privilege | Actions Allowed |
SNAPSHOT | |
CREATE SNAPSHOT | Create snapshots in own schema. (User must also have the CREATE TABLE privilege.) |
CREATE SNAPSHOT | Create snapshots in any schema. (User must also have the CREATE ANY TABLE privilege.) |
ALTER SNAPSHOT | Alter any snapshot in any schema. |
DROP ANY SNAPSHOT | Drop any snapshot in any schema. |
SYNONYM | |
CREATE SYNONYM | Create a synonym in own schema. |
CREATE ANY SYNONYM | Create any synonym in any schema. |
DROP ANY SYNONYM | Drop any synonym in any schema. |
SYSTEM | |
ALTER SYSTEM | Issue ALTER SYSTEM statements. |
TABLE | |
CREATE TABLE |
Create tables in own schema. Also allows grantee
to create indexes (including those for integrity constraints) on table in own schema. (The
grantee must have a quota for the tablespace or the UNLIMITED TABLESPACE privilege.) |
CREATE ANY TABLE | Create tables in any schema. (If grantee has CREATE ANY TABLE privilege and creates a table in another user's schema, the owner must have space quota on that tablespace. The table owner need not have the CREATE [ANY] TABLE privilege.) |
ALTER ANY TABLE | Alter any table in any schema and compile any view in any schema. |
BACKUP ANY TABLE | Perform an incremental export using the Export utility of tables in any schema. |
DROP ANY TABLE | Drop or truncate any table in any schema. |
LOCK ANY TABLE | Lock any table or view in any schema. |
COMMENT ANY TABLE | Comment on any table, view, or column in any schema. |
SELECT ANY TABLE | Query any table, view, or snapshot in any schema. |
INSERT ANY TABLE | Insert rows into any table or view in any schema. |
continues
Page 576
Table 23.1 ContinuedPrivilege | Actions Allowed |
UPDATE ANY TABLE | Update rows in any table or view in any schema. |
DELETE ANY TABLE | Delete rows from any table or view in any schema. |
TABLESPACE | |
CREATE TABLESPACE | Create tablespaces; add files to the operating system via Oracle, regardless of the user's operating system privileges. |
ALTER TABLESPACE | Alter tablespaces; add files to the operating system via Oracle, regardless of the user's operating system privileges. |
MANAGE TABLESPACE | Take any tablespace offline, bring any tablespace online, and begin and end backups of any tablespace. |
DROP TABLESPACE | Drop tablespaces. |
UNLIMITED TABLESPACE | Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If revoked, the grantee's schema objects remain but further tablespace allocation is denied unless allowed by specific tablespace quotas. This system privilege can be granted only to users and not to roles. In general, specific tablespace quotas are assigned instead of granting this system privilege. |
TRANSACTION | |
FORCE TRANSACTION | Force the commit or rollback of own in-doubt distributed transaction in the local database. |
FORCE ANY TRANSACTION | Force the commit or rollback of any in-doubt distributed transaction in the local database. |
TRIGGER | |
CREATE TRIGGER | Create a trigger in own schema. |
CREATE ANY TRIGGER | Create any trigger in any schema associated with any table in any schema. |
ALTER ANY TRIGGER | Enable, disable, or compile any trigger in any schema. |
DROP ANY TRIGGER | Drop any trigger in any schema. |
Page 577
Privilege | Actions Allowed |
USER | |
CREATE ANY USER | Create users; assign quotas on any tablespace, set default and temporary tablespaces, and assign a profile as part of a CREATE USER statement. |
BECOME ANY USER | Become another user. (Required by any user performing a full database import.) |
ALTER USER | Alter other users in an ALTER USER statement: change any user's password or authentication method, assign tablespace quotas, set default and temporary tablespaces, assign profiles and default roles. (Not required to alter own password.) |
DROP USER | Drop another user. |
VIEW | |
CREATE VIEW | Create a view in own schema. |
CREATE ANY VIEW | Create a view in any schema. To create a view in another user's schema, you must have CREATE ANY VIEW privileges, and the owner must have the required privileges on the objects referenced in the view. |
DROP ANY VIEW | Drop any view in any schema. |
You should give these privileges only to users who administer the database. Object privileges allow access to and maintenance of database objects; this category of privileges is for end-users. An object privilege (see Table 32.2) can be administered directly to the user, or the privilege can be granted to a role and then the role granted to the user.
Table 23.2 Object PrivilegesObject | SQL Statement Allowed |
ALTER | ALTER object (table or sequence). |
DELETE | DELETE FROM object (table or view). |
EXECUTE | EXECUTE object (procedure or function). References to public package variables. |
INDEX | CREATE INDEX ON object (tables only). |
INSERT | INSERT INTO object (table or view). |
continues