List of Privileges That Can Be Granted to a User

download List of Privileges That Can Be Granted to a User

of 7

Transcript of List of Privileges That Can Be Granted to a User

  • 8/14/2019 List of Privileges That Can Be Granted to a User

    1/7

    PrivilegesList of privileges that can be granted to a user (or to a user role)

    clusters,contexts, database, links, dimensions, directories, indexes, materialized views,operators, outlines, procedures, profiles, roles, rollback segments, sequences, sessions, synonyms, tables, tablespaces, triggers, types, users and views...

    CREATE CLUSTER Create clusters in grantee's schemaCREATE ANY CLUSTER Create a cluster in any schema. Behaves similarly to CREATEANY TABLE.ALTER ANY CLUSTER Alter clusters in any schemaDROP ANY CLUSTER Drop clusters in any schema

    CONTEXTS:

    CREATE ANY CONTEXT Create any context namespaceDROP ANY CONTEXT Drop any context namespace

    DATABASE:

    ALTER DATABASE Alter the databaseALTER SYSTEM Issue ALTER SYSTEM statementsAUDIT SYSTEM Issue AUDIT sql_statements statements

    DATABASE LINKS:

    CREATE DATABASE LINK Create private database links in grantee's schemaCREATE PUBLIC DATABASE LINK Create public database linksDROP PUBLIC DATABASE LINK Drop public database links

    DEBUGGING:DEBUG CONNECT SESSION Connect the current session to a debugger that uses theJava Debug Wire Protocol (JDWP).DEBUG ANY PROCEDURE Debug all PL/SQL and Java code in any database object;displayinformation on all SQL statements executed by the application Note: Granting this

    privilege is equivalent to granting the DEBUG object privilege on all applicable objectsin the database.

    DIMENSIONS:CREATE DIMENSION Create dimensions in the grantee's schemaCREATE ANY DIMENSION Create dimensions in any schemaALTER ANY DIMENSION Alter dimensions in any schemaDROP ANY DIMENSION Drop dimensions in any schema

    http://ss64.com/ora/grant.htmlhttp://ss64.com/ora/grant.html
  • 8/14/2019 List of Privileges That Can Be Granted to a User

    2/7

    DIRECTORIESCREATE ANY DIRECTORY Create directory database objectsDROP ANY DIRECTORY Drop directory database objects

    INDEXTYPES:

    CREATE INDEXTYPE Create an indextype in the grantee's schemaCREATE ANY INDEXTYPE Create an indextype in any schemaALTER ANY INDEXTYPE Modify indextypes in any schemaDROP ANY INDEXTYPE Drop an indextype in any schemaEXECUTE ANY INDEXTYPE Reference an indextype in any schema

    INDEXES:

    CREATE ANY INDEX Create in any schema a domain index or an index on any table inany schemaALTER ANY INDEX Alter indexes in any schema

    DROP ANY INDEX Drop indexes in any schemaQUERY REWRITE Enable rewrite using a materialized view, or create a function-basedindex, when that materialized view or index references tables and views that are in thegrantee's own schemaGLOBAL QUERY REWRITE Enable rewrite using a materialized view, or create afunction-based index, when that materialized view or index references tables or views inany schema

    LIBRARIES:CREATE LIBRARY Create external procedure/function libraries in grantee's schemaCREATE ANY LIBRARY Create external procedure/function libraries in any schema

    DROP ANY LIBRARY Drop external procedure/function libraries in any schemaMATERIALIZED VIEWS:

    CREATE MATERIALIZED VIEW Create a materialized view in the grantee's schemaCREATE ANY MATERIALIZED VIEW Create materialized views in any schemaALTER ANY MATERIALIZED VIEW Alter materialized views in any schemaDROP ANY MATERIALIZED VIEW Drop materialized views in any schemaQUERY REWRITE Enable rewrite using a materialized view, or create a function-basedindex, when that materialized view or index references tables and views that are in thegrantee's own schema

    GLOBAL QUERY REWRITE Enable rewrite using a materialized view, or create afunction-based index, when that materialized view or index references tables or views inany schemaON COMMIT REFRESH Create a refresh-on-commit materialized view on any table inthe database Alter a refresh-on-demand materialized on any table in thedatabase torefresh-on-commitFLASHBACK ANY TABLE Issue a SQL flashback query on any table, view, or

  • 8/14/2019 List of Privileges That Can Be Granted to a User

    3/7

    materialized view in any schema. (This privilege is not needed to execute theDBMS_FLASHBACK procedures.)

    OPERATORS:

    CREATE OPERATOR Create an operator and its bindings in the grantee's schemaCREATE ANY OPERATOR Create an operator and its bindings in any schemaDROP ANY OPERATOR Drop an operator in any schemaEXECUTE ANY OPERATOR Reference an operator in any schema

    OUTLINES:

    CREATE ANY OUTLINE Create public outlines that can be used in any schema thatuses outlinesALTER ANY OUTLINE Modify outlinesDROP ANY OUTLINE Drop outlines

    PROCEDURES:

    CREATE PROCEDURE Create stored procedures, functions, and packages in grantee'sschemaCREATE ANY PROCEDURE Create stored procedures, functions, and packages in anyschemaALTER ANY PROCEDURE Alter stored procedures, functions, or packages in anyschemaDROP ANY PROCEDURE Drop stored procedures, functions, or packages in anyschema

    EXECUTE ANY PROCEDURE Execute procedures or functions (standalone or packaged) Reference public package variables in any schema

    PROFILES:

    CREATE PROFILE Create profilesALTER PROFILE Alter profilesDROP PROFILE Drop profiles

    ROLES:

    CREATE ROLE Create rolesALTER ANY ROLE Alter any role in the databaseDROP ANY ROLE Drop rolesGRANT ANY ROLE Grant any role in the database

    ROLLBACK SEGMENTS:

  • 8/14/2019 List of Privileges That Can Be Granted to a User

    4/7

    CREATE ROLLBACK SEGMENT Create rollback segmentsALTER ROLLBACK SEGMENT Alter rollback segmentsDROP ROLLBACK SEGMENT Drop rollback segments

    SEQUENCES:

    CREATE SEQUENCE Create sequences in grantee's schemaCREATE ANY SEQUENCE Create sequences in any schemaALTER ANY SEQUENCE Alter any sequence in the databaseDROP ANY SEQUENCE Drop sequences in any schemaSELECT ANY SEQUENCE Reference sequences in any schema

    SESSIONS:

    CREATE SESSION Connect to the databaseALTER RESOURCE COST Set costs for session resources

    ALTER SESSION Issue ALTER SESSION statementsRESTRICTED SESSION Logon after the instance is started using the SQL*PlusSTARTUP RESTRICT statement

    SYNONYMS:

    CREATE SYNONYM Create synonyms in grantee's schemaCREATE ANY SYNONYM Create private synonyms in any schemaCREATE PUBLIC SYNONYM Create public synonymsDROP ANY SYNONYM Drop private synonyms in any schemaDROP PUBLIC SYNONYM Drop public synonyms

    TABLES:

    Note: For external tables, the only valid privileges are CREATE ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE, and SELECT ANY TABLE.CREATE TABLE Create tables in grantee's schemaCREATE ANY TABLE Create tables in any schema. The owner of the schema containingthe table must have space quota on the tablespace to contain the table.ALTER ANY TABLE Alter any table or view in any schemaBACKUP ANY TABLE Use the Export utility to incrementally export objects from the

    schema of other usersDELETE ANY TABLE Delete rows from tables, table partitions, or views in any schemaDROP ANY TABLE Drop or truncate tables or table partitions in any schemaINSERT ANY TABLE Insert rows into tables and views in any schemaLOCK ANY TABLE Lock tables and views in any schemaSELECT ANY TABLE Query tables, views, or materialized views in any schemaFLASHBACK ANY TABLE Issue a SQL flashback query on any table, view, or materialized view in any schema. (This privilege is not needed to execute the

  • 8/14/2019 List of Privileges That Can Be Granted to a User

    5/7

    DBMS_FLASHBACK procedures.)UPDATE ANY TABLE Update rows in tables and views in any schema

    TABLESPACES:

    CREATE TABLESPACE Create tablespacesALTER TABLESPACE Alter tablespacesDROP TABLESPACE Drop tablespacesMANAGE TABLESPACE Take tablespaces offline and online and begin and endtablespace backupsUNLIMITED TABLESPACE Use an unlimited amount of any tablespace. This privilegeoverrides any specific quotas assigned. If you revoke this privilege from a user, then theuser's schema objects remain but further tablespace allocation is denied unless authorized

    by specific tablespace quotas. You cannot grant this system privilege to roles.

    TRIGGERS:

    CREATE TRIGGER Create a database trigger in grantee's schemaCREATE ANY TRIGGER Create database triggers in any schemaALTER ANY TRIGGER Enable, disable, or compile database triggers in any schemaDROP ANY TRIGGER Drop database triggers in any schemaADMINISTER DATABASE TRIGGER Create a trigger on DATABASE. (You must alsohave the CREATE TRIGGER or CREATE ANY TRIGGER privilege.)

    TYPES:

    CREATE TYPE Create object types and object type bodies in grantee's schema

    CREATE ANY TYPE Create object types and object type bodies in any schemaALTER ANY TYPE Alter object types in any schemaDROP ANY TYPE Drop object types and object type bodies in any schemaEXECUTE ANY TYPE Use and reference object types and collection types in anyschema, and invoke methods of an object type in any schema if you make the grant to aspecific user. If you grant EXECUTE ANY TYPE to a role, then users holding theenabled role will not be able to invoke methods of an object type in any schema.UNDER ANY TYPE Create subtypes under any nonfinal object types.

    USERS:

    CREATE USER Create users. This privilege also allows the creator to: Assign quotas onany tablespace, Set default and temporary tablespaces, Assign a profile as part of aCREATE USER statementALTER USER Alter any user. This privilege authorizes the grantee to:Change another user's password or authentication method, Assign quotas on any tablespace, Set defaultand temporary tablespaces, Assign a profile and default rolesBECOME USER Become another user. (Required by any user performing a fulldatabase

  • 8/14/2019 List of Privileges That Can Be Granted to a User

    6/7

    import.)DROP USER Drop users

    VIEWS:

    CREATE VIEW Create views in grantee's schemaCREATE ANY VIEW Create views in any schemaDROP ANY VIEW Drop views in any schemaUNDER ANY VIEW Create subviews under any object viewsFLASHBACK ANY TABLE Issue a SQL flashback query on any table, view, or materialized view in any schema. (This privilege is not needed to execute theDBMS_FLASHBACK procedures.)

    MISCELLANEOUS:

    ANALYZE ANY Analyze any table, cluster, or index in any schema

    AUDIT ANY Audit any object in any schema using AUDIT schema_objects statementsCOMMENT ANY TABLE Comment on any table, view, or column in any schemaEXEMPT ACCESS POLICY Bypass fine-grained access controlCaution: This is a very powerful system privilege, as it lets the grantee bypassapplication-driven security policies.FORCE ANY TRANSACTION Force the commit or rollback of any in-doubt distributedtransaction in the local database, Induce the failure of a distributed transactionFORCE TRANSACTION Force the commit or rollback of grantee's in-doubt distributedtransactions in the local databaseGRANT ANY OBJECT PRIVILEGE Grant any object privilege. Revoke any object

    privilege that was granted by the object owner or by some other user with the GRANT

    ANY OBJECT PRIVILEGE privilegeGRANT ANY PRIVILEGE Grant any system privilegeRESUMABLE Enable resumable space allocationSELECT ANY DICTIONARY Query any data dictionary object in the SYS schema. This

    privilege lets you selectively override the default FALSE setting of theO7_DICTIONARY_ACCESSIBILITY initialization parameter.

    "A people that values its privileges above it's principles soon loses both" - Dwight D. Eisenhower

    Related Commands:

    AUDITCREATE ROLE CREATE USER GRANT REVOKE ORA-01031 - Insufficient privileges

    http://www.whitehouse.gov/history/presidents/de34.htmlhttp://www.whitehouse.gov/history/presidents/de34.htmlhttp://ss64.com/ora/audit.htmlhttp://ss64.com/ora/role_c.htmlhttp://ss64.com/ora/user_c.htmlhttp://ss64.com/ora/grant.htmlhttp://ss64.com/ora/revoke.htmlhttp://www.whitehouse.gov/history/presidents/de34.htmlhttp://www.whitehouse.gov/history/presidents/de34.htmlhttp://ss64.com/ora/audit.htmlhttp://ss64.com/ora/role_c.htmlhttp://ss64.com/ora/user_c.htmlhttp://ss64.com/ora/grant.htmlhttp://ss64.com/ora/revoke.html
  • 8/14/2019 List of Privileges That Can Be Granted to a User

    7/7

    Related Views:

    DBA_COL_PRIVS ALL_COL_PRIVS USER_COL_PRIVS COLUMN_PRIVILEGES

    ALL_COL_PRIVS_MADE USER_COL_PRIVS_MADE

    ALL_COL_PRIVS_RECD USER_COL_PRIVS_RECD DBA_ROLE_PRIVS USER_ROLE_PRIVS ROLE_ROLE_PRIVS DBA_SYS_PRIVS USER_SYS_PRIVS ROLE_SYS_PRIVS SESSION_PRIVS DBA_TAB_PRIVS ALL_TAB_PRIVS USER_TAB_PRIVSTABLE_PRIVILEGES ROLE_TAB_PRIVS

    ALL_TAB_PRIVS_MADE USER_TAB_PRIVS_MADE ALL_TAB_PRIVS_RECD USER_TAB_PRIVS_RECD

    http://ss64.com/orad/DBA_COL_PRIVS.htmlhttp://ss64.com/orad/ALL_COL_PRIVS.htmlhttp://ss64.com/orad/USER_COL_PRIVS.htmlhttp://ss64.com/orad/COLUMN_PRIVILEGES.htmlhttp://ss64.com/orad/ALL_COL_PRIVS_MADE.htmlhttp://ss64.com/orad/USER_COL_PRIVS_MADE.htmlhttp://ss64.com/orad/ALL_COL_PRIVS_RECD.htmlhttp://ss64.com/orad/USER_COL_PRIVS_RECD.htmlhttp://ss64.com/orad/DBA_ROLE_PRIVS.htmlhttp://ss64.com/orad/USER_ROLE_PRIVS.htmlhttp://ss64.com/orad/ROLE_ROLE_PRIVS.htmlhttp://ss64.com/orad/DBA_SYS_PRIVS.htmlhttp://ss64.com/orad/USER_SYS_PRIVS.htmlhttp://ss64.com/orad/ROLE_SYS_PRIVS.htmlhttp://ss64.com/orad/SESSION_PRIVS.htmlhttp://ss64.com/orad/DBA_TAB_PRIVS.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS.htmlhttp://ss64.com/orad/USER_TAB_PRIVS.htmlhttp://ss64.com/orad/TABLE_PRIVILEGES.htmlhttp://ss64.com/orad/ROLE_TAB_PRIVS.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS_MADE.htmlhttp://ss64.com/orad/USER_TAB_PRIVS_MADE.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS_RECD.htmlhttp://ss64.com/orad/USER_TAB_PRIVS_RECD.htmlhttp://ss64.com/orad/DBA_COL_PRIVS.htmlhttp://ss64.com/orad/ALL_COL_PRIVS.htmlhttp://ss64.com/orad/USER_COL_PRIVS.htmlhttp://ss64.com/orad/COLUMN_PRIVILEGES.htmlhttp://ss64.com/orad/ALL_COL_PRIVS_MADE.htmlhttp://ss64.com/orad/USER_COL_PRIVS_MADE.htmlhttp://ss64.com/orad/ALL_COL_PRIVS_RECD.htmlhttp://ss64.com/orad/USER_COL_PRIVS_RECD.htmlhttp://ss64.com/orad/DBA_ROLE_PRIVS.htmlhttp://ss64.com/orad/USER_ROLE_PRIVS.htmlhttp://ss64.com/orad/ROLE_ROLE_PRIVS.htmlhttp://ss64.com/orad/DBA_SYS_PRIVS.htmlhttp://ss64.com/orad/USER_SYS_PRIVS.htmlhttp://ss64.com/orad/ROLE_SYS_PRIVS.htmlhttp://ss64.com/orad/SESSION_PRIVS.htmlhttp://ss64.com/orad/DBA_TAB_PRIVS.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS.htmlhttp://ss64.com/orad/USER_TAB_PRIVS.htmlhttp://ss64.com/orad/TABLE_PRIVILEGES.htmlhttp://ss64.com/orad/ROLE_TAB_PRIVS.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS_MADE.htmlhttp://ss64.com/orad/USER_TAB_PRIVS_MADE.htmlhttp://ss64.com/orad/ALL_TAB_PRIVS_RECD.htmlhttp://ss64.com/orad/USER_TAB_PRIVS_RECD.html