Listings of System and Object Privileges--系統和物件許可權列表
Listings of System and Object Privileges--系統和物件許可權列表
Listings of System and Object Privileges
Note:
When you grant a privilege on ANY object, such as CREATE ANY CLUSTER, the result is determined by the value of the O7_DICTIONARY_ACCESSIBILITY initialization parameter. By default, this parameter is set to FALSE, so that ANY privileges give the grantee access to that type of object in all schemas except the SYS schema. If you set O7_DICTIONARY_ACCESSIBILITY toTRUE, then the ANY privileges also give the grantee access, in the SYS schema, to all objects except Oracle Scheduler objects. For security reasons, Oracle recommends that you use this setting only with great caution.Table 18-1 System Privileges (Organized by the Database Object Operated Upon)
System Privilege Name | Operations Authorized |
---|---|
Advisor Framework Privileges: All of the advisor framework privileges are part of the DBA role. |
— |
ADVISOR |
Access the advisor framework through PL/SQL packages such as DBMS_ADVISOR andDBMS_SQLTUNE. Refer to Oracle Database PL/SQL Packages and Types Reference for information on these packages. |
ADMINISTER SQL TUNING SET |
Create, drop, select (read), load (write), and delete a SQL tuning set owned by the grantee through the DBMS_SQLTUNE package. |
ADMINISTER ANY SQL TUNING SET |
Create, drop, select (read), load (write), and delete a SQL tuning set owned by any user through the DBMS_SQLTUNE package. |
CREATE ANY SQL PROFILE |
Accept a SQL Profile recommended by the SQL Tuning Advisor, which is accessed through Enterprise Manager or by the DBMS_SQLTUNE package. Note: This privilege has been deprecated in favor of ADMINISTER SQL MANAGEMENT OBJECT. |
ALTER ANY SQL PROFILE |
Alter the attributes of an existing SQL Profile. Note: This privilege has been deprecated in favor of ADMINISTER SQL MANAGEMENT OBJECT. |
DROP ANY SQL PROFILE |
Drop an existing SQL Profile. Note: This privilege has been deprecated in favor of ADMINISTER SQL MANAGEMENT OBJECT. |
ADMINISTER SQL MANAGEMENT OBJECT |
Create, alter, and drop a SQL Profile owned by any user through the DBMS_SQLTUNE package. |
CLUSTERS: |
— |
CREATE CLUSTER |
Create clusters in the grantee's schema. |
CREATE ANY CLUSTER |
Create a cluster in any schema. Behaves similarly to CREATE ANY TABLE. |
ALTER ANY CLUSTER |
Alter clusters in any schema. |
DROP ANY CLUSTER |
Drop clusters in any schema. |
CONTEXTS: |
— |
CREATE ANY CONTEXT |
Create any context namespace. |
DROP ANY CONTEXT |
Drop any context namespace. |
DATA REDACTION: |
— |
EXEMPT REDACTION POLICY |
Bypass any existing Oracle Data Redaction policies and view actual data from tables or views on which Data Redaction policies are defined. Note: This privilege is available starting with Oracle Database 11g Release 2 (11.2.0.4). |
DATABASE: |
— |
ALTER DATABASE |
Alter the database. |
ALTER SYSTEM |
Issue ALTER SYSTEM statements. |
AUDIT SYSTEM |
Issue AUDIT statements. |
DATABASE LINKS: |
— |
CREATE DATABASE LINK |
Create private database links in the grantee's schema. |
CREATE PUBLIC DATABASE LINK |
Create public database links. |
ALTER DATABASE LINK |
Modify a fixed-user database link when the password of the connection or authentication user changes. |
ALTER PUBLIC DATABASE LINK |
Modify a public fixed-user database link when the password of the connection or authentication user changes. |
DROP PUBLIC DATABASE LINK |
Drop public database links. |
DEBUGGING: |
— |
DEBUG CONNECT SESSION |
Connect the current session to a debugger. |
DEBUG ANY PROCEDURE |
Debug all PL/SQL and Java code in any database object. Display information on all SQL statements executed by the application. Note: Granting this privilege is equivalent to granting the DEBUG object privilege on all applicable objects in the database. |
DICTIONARIES: |
— |
ANALYZE ANY DICTIONARY |
Analyze any data dictionary object. |
DIMENSIONS: |
— |
CREATE DIMENSION |
Create dimensions in the grantee's schema. |
CREATE ANY DIMENSION |
Create dimensions in any schema. |
ALTER ANY DIMENSION |
Alter dimensions in any schema. |
DROP ANY DIMENSION |
Drop dimensions in any schema. |
DIRECTORIES: |
— |
CREATE ANY DIRECTORY |
Create directory database objects. |
DROP ANY DIRECTORY |
Drop directory database objects. |
EDITIONS: |
— |
CREATE ANY EDITION |
Create editions. |
DROP ANY EDITION |
Drop editions. |
FLASHBACK DATA ARCHIVES: |
— |
FLASHBACK ARCHIVE ADMINISTER |
Create, alter, or drop any flashback data archive. |
INDEXES: |
— |
CREATE ANY INDEX |
Create in any schema a domain index or an index on any table in any schema. |
ALTER ANY INDEX |
Alter indexes in any schema. |
DROP ANY INDEX |
Drop indexes in any schema. |
INDEXTYPES: |
— |
CREATE INDEXTYPE |
Create an indextype in the grantee's schema. |
CREATE ANY INDEXTYPE |
Create an indextype in any schema and create a comment on an indextype in any schema. |
ALTER ANY INDEXTYPE |
Modify indextypes in any schema. |
DROP ANY INDEXTYPE |
Drop an indextype in any schema. |
EXECUTE ANY INDEXTYPE |
Reference an indextype in any schema. |
JOB SCHEDULER OBJECTS: |
The following privileges are needed to execute procedures in the DBMS_SCHEDULER package. This privileges do not apply to lightweight jobs, which are not database objects. Refer to for more information about lightweight jobs. |
CREATE JOB |
Create jobs, schedules, or programs in the grantee's schema. |
CREATE ANY JOB |
Create, alter, or drop jobs, chains, schedules, programs, or credentials in any schema exceptSYS. Caution: This extremely powerful privilege allows the grantee to execute code as any other user. It should be granted with caution. |
CREATE EXTERNAL JOB |
Create in the grantee's schema an executable scheduler job that runs on the operating system. |
EXECUTE ANY PROGRAM |
Use any program in a job in the grantee's schema. |
EXECUTE ANY CLASS |
Specify any job class in a job in the grantee's schema. |
MANAGE SCHEDULER |
Create, alter, or drop any job class, window, or window group. |
LIBRARIES: |
Caution: CREATE LIBARARY, CREATE ANY LIBRARY, ALTER ANY LIBRARY, and EXECUTE ANYLIBRARY are extremely powerful privileges that should be granted only to trusted users. Refer toOracle Database Security Guide before granting these privileges. |
CREATE LIBRARY |
Create external procedure or function libraries in the grantee's schema. |
CREATE ANY LIBRARY |
Create external procedure or function libraries in any schema. |
ALTER ANY LIBRARY |
Alter external procedure or function libraries in any schema. |
DROP ANY LIBRARY |
Drop external procedure or function libraries in any schema. |
EXECUTE ANY LIBRARY |
Use external procedure or function libraries in any schema. |
MATERIALIZED VIEWS: |
— |
CREATE MATERIALIZED VIEW |
Create a materialized view in the grantee's schema. |
CREATE ANY MATERIALIZED VIEW |
Create materialized views in any schema. |
ALTER ANY MATERIALIZED VIEW |
Alter materialized views in any schema. |
DROP ANY MATERIALIZED VIEW |
Drop materialized views in any schema. |
QUERY REWRITE |
This privilege has been deprecated. No privileges are needed for a user to enable rewrite for a materialized view that references tables or views in the user's own schema. |
GLOBAL QUERY REWRITE |
Enable rewrite using a materialized view when that materialized view references tables or views in any schema. |
ON COMMIT REFRESH |
Create a refresh-on-commit materialized view on any table in the database. Alter a refresh-on-demand materialized on any table in the database to refresh-on-commit. |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
MINING MODELS: |
— |
CREATE MINING MODEL |
Create mining models in the grantee's schema using the DBMS_DATA_MINING.CREATE_MODELprocedure. |
CREATE ANY MINING MODEL |
Create mining models in any schema using the DBMS_DATA_MINING.CREATE_MODEL procedure. |
ALTER ANY MINING MODEL |
Change the mining model name or the associated cost matrix of any model in any schema by using the applicable DBMS_DATA_MINING procedures. |
DROP ANY MINING MODEL |
Drop any mining model in any schema by using the DBMS_DATA_MINING.DROP_MODELprocedure. |
SELECT ANY MINING MODEL |
Score or view any model in any schema. Scoring is done either with the PREDICTION family of SQL functions or with the DBMS_DATA_MINING.APPLY procedure. Viewing the model is done with the DBMS_DATA_MINING.GET_MODEL_DETAILS_* procedures. |
COMMENT ANY MINING MODEL |
Create a comment on any model in any schema using the SQL COMMENT statement. |
OLAP CUBES: |
The following privileges are valid when you are using Oracle Database with the OLAP option. |
CREATE CUBE |
Create an OLAP cube in the grantee's schema. |
CREATE ANY CUBE |
Create an OLAP cube in any schema. |
Alter an OLAP cube in any schema. |
|
DROP ANY CUBE |
Drop any OLAP cube in any schema. |
SELECT ANY CUBE |
Query or view any OLAP cube in any schema. |
UPDATE ANY CUBE |
Update any cube in any schema. |
OLAP CUBE MEASURE FOLDERS: |
The following privileges are valid when you are using Oracle Database with the OLAP option. |
CREATE MEASURE FOLDER |
Create an OLAP measure folder in the grantee's schema. |
CREATE ANY MEASURE FOLDER |
Create an OLAP measure folder in any schema. |
DELETE ANY MEASURE FOLDER |
Delete from any OLAP measure folder in any schema. |
DROP ANY MEASURE FOLDER |
Drop any measure folder in any schema. |
INSERT ANY MEASURE FOLDER |
Insert a measure into any measure folder in any schema. |
OLAP CUBE DIMENSIONS: |
The following privileges are valid when you are using Oracle Database with the OLAP option. |
CREATE CUBE DIMENSION |
Create an OLAP cube dimension in the grantee's schema. |
CREATE ANY CUBE DIMENSION |
Create an OLAP cube dimension in any schema. |
ALTER ANY CUBE DIMENSION |
Alter an OLAP cube dimension in any schema. |
DELETE ANY CUBE DIMENSION |
Delete from an OLAP cube dimension in any schema. |
DROP ANY CUBE DIMENSION |
Drop an OLAP cube dimension in any schema. |
INSERT ANY CUBE DIMENSION |
Insert into an OLAP cube dimension in any schema. |
SELECT ANY CUBE DIMENSION |
View or query an OLAP cube dimension in any schema. |
UPDATE ANY CUBE DIMENSION |
Update an OLAP cube dimension in any schema. |
OLAP CUBE BUILD PROCESSES: |
— |
CREATE CUBE BUILD PROCESS |
Create an OLAP cube build process in the grantee's schema. |
CREATE ANY CUBE BUILD PROCESS |
Create an OLAP cube build process in any schema. |
DROP ANY CUBE BUILD PROCESS |
Drop an OLAP cube build process in any schema. |
UPDATE ANY CUBE BUILD PROCESS |
Update an OLAP cube build process in any schema. |
OPERATORS: |
— |
CREATE OPERATOR |
Create an operator and its bindings in the grantee's schema. |
CREATE ANY OPERATOR |
Create an operator and its bindings in any schema and create a comment on an operator in any schema. |
ALTER ANY OPERATOR |
Modify an operator in any schema. |
DROP ANY OPERATOR |
Drop an operator in any schema. |
EXECUTE ANY OPERATOR |
Reference an operator in any schema. |
OUTLINES: |
— |
CREATE ANY OUTLINE |
Create public outlines that can be used in any schema that uses outlines. |
ALTER ANY OUTLINE |
Modify outlines. |
DROP ANY OUTLINE |
Drop outlines. |
PLAN MANAGEMENT: |
— |
ADMINISTER SQL MANAGEMENT OBJECT |
Perform controlled manipulation of plan history and SQL plan baselines maintained for various SQL statements. |
PROCEDURES: |
— |
CREATE PROCEDURE |
Create stored procedures, functions, and packages in the grantee's schema. |
CREATE ANY PROCEDURE |
Create stored procedures, functions, and packages in any schema. |
ALTER ANY PROCEDURE |
Alter stored procedures, functions, or packages in any schema. |
DROP ANY PROCEDURE |
Drop stored procedures, functions, or packages in any schema. |
EXECUTE ANY PROCEDURE |
Execute procedures or functions, either standalone or packaged. Reference public package variables in any schema. |
PROFILES: |
— |
CREATE PROFILE |
Create profiles. |
ALTER PROFILE |
Alter profiles. |
DROP PROFILE |
Drop profiles. |
ROLES: |
— |
CREATE ROLE |
Create roles. |
ALTER ANY ROLE |
Alter any role in the database. |
DROP ANY ROLE |
Drop roles. |
GRANT ANY ROLE |
Grant any role in the database. |
ROLLBACK SEGMENTS: |
— |
CREATE ROLLBACK SEGMENT |
Create rollback segments. |
ALTER ROLLBACK SEGMENT |
Alter rollback segments. |
DROP ROLLBACK SEGMENT |
Drop rollback segments. |
SEQUENCES: |
— |
CREATE SEQUENCE |
Create sequences in the grantee's schema. |
CREATE ANY SEQUENCE |
Create sequences in any schema. |
ALTER ANY SEQUENCE |
Alter any sequence in the database. |
DROP ANY SEQUENCE |
Drop sequences in any schema. |
SELECT ANY SEQUENCE |
Reference sequences in any schema. |
SESSIONS: |
— |
CREATE SESSION |
Connect to the database. |
ALTER RESOURCE COST |
Set costs for session resources. |
ALTER SESSION |
Enable and disable the SQL trace facility. |
RESTRICTED SESSION |
Logon after the instance is started using the SQL*Plus STARTUP RESTRICT statement. |
SNAPSHOTS: |
See MATERIALIZED VIEWS |
SYNONYMS: |
Caution: CREATE PUBLIC SYNONYM and DROP PUBLIC SYNONYM are extremely powerful privileges that should be granted only to trusted users. Refer to Oracle Database Security Guide before granting these privileges. |
CREATE SYNONYM |
Create synonyms in the grantee's schema. |
CREATE ANY SYNONYM |
Create private synonyms in any schema. |
CREATE PUBLIC SYNONYM |
Create public synonyms. |
DROP ANY SYNONYM |
Drop private synonyms in any schema. |
DROP PUBLIC SYNONYM |
Drop public synonyms. |
TABLES: |
Note: For external tables, the only valid privileges are CREATE ANY TABLE, ALTER ANY TABLE,DROP ANY TABLE, and SELECT ANY TABLE. |
CREATE TABLE |
Create a table in the grantee's schema. |
CREATE ANY TABLE |
Create a table in any schema. The owner of the schema containing the table must have space quota on the tablespace to contain the table. |
ALTER ANY TABLE |
Alter any table or view in any schema. |
BACKUP ANY TABLE |
Use the Export utility to incrementally export objects from the schema of other users. |
DELETE ANY TABLE |
Delete rows from tables, table partitions, or views in any schema. |
DROP ANY TABLE |
Drop or truncate tables or table partitions in any schema. |
INSERT ANY TABLE |
Insert rows into tables and views in any schema. |
LOCK ANY TABLE |
Lock tables and views in any schema. |
SELECT ANY TABLE |
Query tables, views, or materialized views in any schema. |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
UPDATE ANY TABLE |
Update rows in tables and views in any schema. |
TABLESPACES: |
— |
CREATE TABLESPACE |
Create tablespaces. |
ALTER TABLESPACE |
Alter tablespaces. |
DROP TABLESPACE |
Drop tablespaces. |
MANAGE TABLESPACE |
Take tablespaces offline and online and begin and end tablespace backups. |
UNLIMITED TABLESPACE |
Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If you revoke this privilege from a user, then the user's schema objects remain but further tablespace allocation is denied unless authorized by specific tablespace quotas. You cannot grant this system privilege to roles. |
TRIGGERS: |
— |
CREATE TRIGGER |
Create a database trigger in the grantee's schema. |
CREATE ANY TRIGGER |
Create database triggers in any schema. |
ALTER ANY TRIGGER |
Enable, disable, or compile database triggers in any schema. |
DROP ANY TRIGGER |
Drop database triggers in any schema. |
ADMINISTER DATABASE TRIGGER |
Create a trigger on DATABASE. You must also have the CREATE TRIGGER or CREATE ANYTRIGGER system privilege. |
TYPES: |
— |
CREATE TYPE |
Create object types and object type bodies in the grantee's schema. |
CREATE ANY TYPE |
Create object types and object type bodies in any schema. |
ALTER ANY TYPE |
Alter object types in any schema. |
DROP ANY TYPE |
Drop object types and object type bodies in any schema. |
EXECUTE ANY TYPE |
Use and reference object types and collection types in any schema, and invoke methods of an object type in any schema if you make the grant to a specific user. If you grant EXECUTE ANYTYPE to a role, then users holding the enabled role will not be able to invoke methods of an object type in any schema. |
UNDER ANY TYPE |
Create subtypes under any nonfinal object types. |
USERS: |
— |
CREATE USER |
Create users. This privilege also allows the creator to:
|
ALTER USER |
Alter any user. This privilege authorizes the grantee to:
|
DROP USER |
Drop users |
VIEWS: |
— |
CREATE VIEW |
Create views in the grantee's schema. |
CREATE ANY VIEW |
Create views in any schema. |
DROP ANY VIEW |
Drop views in any schema. |
UNDER ANY VIEW |
Create subviews under any object views. |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
MERGE ANY VIEW |
If a user has been granted the MERGE ANY VIEW privilege, then for any query issued by that user, the optimizer can use view merging to improve query performance without performing the checks that would otherwise be performed to ensure that view merging does not violate any security intentions of the view creator. See also Oracle Database Reference for information on the parameter and for information on view merging. |
MISCELLANEOUS: |
— |
ANALYZE ANY |
Analyze any table, cluster, or index in any schema. |
AUDIT ANY |
Audit any object in any schema using AUDIT schema_objects statements. |
BECOME USER |
Allows users of the Data Pump Import utility (impdp) and the original Import utility (imp) to assume the identity of another user in order to perform operations that cannot be directly performed by a third party (for example, loading objects such as object privilege grants). Allows Streams administrators to create or alter capture users and apply users in a Streams environment. By default this privilege is part of the DBA role. Database Vault removes this privileges from the DBA role. Therefore, this privilege is needed by Streams only in an environment where Database Vault is installed. |
CHANGE NOTIFICATION |
Create a registration on queries and receive database change notifications in response to DML or DDL changes to the objects associated with the registered queries. Refer to Oracle Database Advanced Application Developer's Guide for more information on database change notification. |
COMMENT ANY TABLE |
Comment on any table, view, or column in any schema. |
EXEMPT ACCESS POLICY |
Bypass fine-grained access control. Caution: This is a very powerful system privilege, as it lets the grantee bypass application-driven security policies. Database administrators should use caution when granting this privilege. |
FORCE ANY TRANSACTION |
Force the commit or rollback of any in-doubt distributed transaction in the local database. Induce the failure of a distributed transaction. |
FORCE TRANSACTION |
Force the commit or rollback of the grantee's in-doubt distributed transactions in the local database. |
GRANT ANY OBJECT PRIVILEGE |
Grant any object privilege that the object owner is permitted to grant. Revoke any object privilege that was granted by the object owner or by some other user with theGRANT ANY OBJECT PRIVILEGE privilege. |
GRANT ANY PRIVILEGE |
Grant any system privilege. |
RESUMABLE |
Enable resumable space allocation. |
SELECT ANY DICTIONARY |
Query any data dictionary object in the SYS schema. This privilege lets you selectively override the default FALSE setting of the O7_DICTIONARY_ACCESSIBILITY initialization parameter. |
SELECT ANY TRANSACTION |
Query the contents of the FLASHBACK_TRANSACTION_QUERY view. Caution: This is a very powerful system privilege, as it lets the grantee view all data in the database, including past data. This privilege should be granted only to users who need to use the Oracle Flashback Transaction Query feature. |
SYSDBA |
Perform STARTUP and SHUTDOWN operations. ALTER DATABASE: open, mount, back up, or change character set. CREATE DATABASE. ARCHIVELOG and RECOVERY. CREATE SPFILE. Includes the RESTRICTED SESSION privilege. |
SYSOPER |
Perform STARTUP and SHUTDOWN operations. ALTER DATABASE: open, mount, or back up. ARCHIVELOG and RECOVERY. CREATE SPFILE. Includes the RESTRICTED SESSION privilege. |
Table 18-2 Object Privileges (Organized by the Database Object Operated Upon)
Object Privilege Name | Operations Authorized |
---|---|
DIRECTORY PRIVILEGES |
The following directory privileges provide secured access to the files stored in the operating system directory to which the directory object serves as a pointer. The directory object contains the full path name of the operating system directory where the files reside. Because the files are actually stored outside the database, Oracle Database server processes also need to have appropriate file permissions on the file system server. Granting object privileges on the directory database object to individual database users, rather than on the operating system, allows the database to enforce security during file operations. |
READ |
Read files in the directory. |
WRITE |
Write files in the directory. This privilege is useful only in connection with external tables. It allows the grantee to determine whether the external table agent can write a log file or a bad file to the directory. Restriction: This privilege does not allow the grantee to write to a BFILE. |
EXECUTE |
Execute a preprocessor program that resides in the directory. A preprocessor program converts data to a supported format when loading data records from an external table with theORACLE_LOADER access driver. Refer to for more information. This privilege does not implicitly allow READ access on the external table data. |
EDITION PRIVILEGE |
The following edition privilege authorizes the use of an edition. |
USE |
Use an edition. |
INDEXTYPE PRIVILEGE |
The following indextype privilege authorizes operations on indextypes. |
EXECUTE |
Reference an indextype. |
FLASHBACK DATA ARCHIVE PRIVILEGE |
The following flashback data archive privilege authorizes operations on flashback data archives. |
FLASHBACK ARCHIVE |
Enable or disable historical tracking for a table. |
LIBRARY PRIVILEGE |
The following library privilege authorizes operations on a library. |
EXECUTE |
Use and reference the specified object and invoke its methods. Caution: This extremely powerful privilege should be granted only to trusted users. Refer toOracle Database Security Guide before granting this privilege. |
MATERIALIZED VIEW PRIVILEGES |
The following materialized view privileges authorize operations on a materialized view. TheDELETE, INSERT, and UPDATE privileges can be granted only to updatable materialized views. |
ON COMMIT REFRESH |
Create a refresh-on-commit materialized view on the specified table. |
QUERY REWRITE |
Create a materialized view for query rewrite using the specified table. |
SELECT |
Query the materialized view with the SELECT statement. |
MINING MODEL PRIVILEGES |
The following mining model privileges authorize operations on a mining model. These privileges are not required for models within the users own schema. |
ALTER |
Change the mining model name or the associated cost matrix using the applicableDBMS_DATA_MINING procedures. |
SELECT |
Score or view the mining model. Scoring is done with the PREDICTION family of SQL functions or with the DBMS_DATA_MINING.APPLY procedure. Viewing the model is done with theDBMS_DATA_MINING.GET_MODEL_DETAILS_* procedures. |
OBJECT TYPE PRIVILEGES |
The following object type privileges authorize operations on a database object type. |
DEBUG |
Access, through a debugger, all public and nonpublic variables, methods, and types defined on the object type. Place a breakpoint or stop at a line or instruction boundary within the type body. |
EXECUTE |
Use and reference the specified object and invoke its methods. Access, through a debugger, public variables, types, and methods defined on the object type. |
UNDER |
Create a subtype under this type. You can grant this object privilege only if you have the UNDERANY TYPE privilege WITH GRANT OPTION on the immediate supertype of this type. |
OLAP PRIVILEGES |
The following object privileges are valid if you are using Oracle Database with the OLAP option. |
INSERT |
Insert members into the OLAP cube dimension or measures into the measures folder. |
ALTER |
Change the definition of the OLAP cube dimension or cube. |
DELETE |
Delete members from the OLAP cube dimension or measures from the measures folder. |
SELECT |
View or query the OLAP cube or cube dimension. |
UPDATE |
Update measure values of the OLAP cube or attribute values of the cube dimension. |
OPERATOR PRIVILEGE |
The following operator privilege authorizes operations on user-defined operators. |
EXECUTE |
Reference an operator. |
PROCEDURE, FUNCTION, PACKAGE PRIVILEGES |
The following procedure, function, and package privileges authorize operations on procedures, functions, and packages. These privileges also apply to Java sources, classes, and resources, which Oracle Database treats as though they were procedures for purposes of granting object privileges. |
DEBUG |
Access, through a debugger, all public and nonpublic variables, methods, and types defined on the object. Place a breakpoint or stop at a line or instruction boundary within the procedure, function, or package. This privilege grants access to the declarations in the method or package specification and body. |
EXECUTE |
Execute the procedure or function directly, or access any program object declared in the specification of a package, or compile the object implicitly during a call to a currently invalid or uncompiled function or procedure. This privilege does not allow the grantee to explicitly compile using ALTER PROCEDURE or ALTER FUNCTION. For explicit compilation you need the appropriateALTER system privilege. Access, through a debugger, public variables, types, and methods defined on the procedure, function, or package. This privilege grants access to the declarations in the method or package specification only. Job scheduler objects are created using the DBMS_SCHEDULER package. After these objects are created, you can grant the EXECUTE object privilege on job scheduler classes and programs. You can also grant ALTER privilege on job scheduler jobs, programs, and schedules. Note: Users do not need this privilege to execute a procedure, function, or package indirectly. |
SCHEDULER PRIVILEGES |
Job scheduler objects are created using the DBMS_SCHEDULER package. After these objects are created, you can grant the following privileges. |
EXECUTE |
Operations on job classes, programs, chains, and credentials. |
ALTER |
Modifications to jobs, programs, chains, credentials, and schedules. |
SEQUENCE PRIVILEGES |
The following sequence privileges authorize operations on a sequence. |
ALTER |
Change the sequence definition with the ALTER SEQUENCE statement. |
SELECT |
Examine and increment values of the sequence with the CURRVAL and NEXTVAL pseudocolumns. |
SYNONYM PRIVILEGES |
Synonym privileges are the same as the privileges for the target object. Granting a privilege on a synonym is equivalent to granting the privilege on the base object. Similarly, granting a privilege on a base object is equivalent to granting the privilege on all synonyms for the object. If you grant to a user a privilege on a synonym, then the user can use either the synonym name or the base object name in the SQL statement that exercises the privilege. |
TABLE PRIVILEGES |
The following table privileges authorize operations on a table. Any one of following object privileges allows the grantee to lock the table in any lock mode with the LOCK TABLE statement. Note: For external tables, the only valid object privileges are ALTER and SELECT. |
ALTER |
Change the table definition with the ALTER TABLE statement. |
DEBUG |
Access, through a debugger:
|
DELETE |
Remove rows from the table with the DELETE statement. Note: You must grant the SELECT privilege on the table along with the DELETE privilege if the table is on a remote database. |
INDEX |
Create an index on the table with the CREATE INDEX statement. |
INSERT |
Add new rows to the table with the INSERT statement. Note: You must grant the SELECT privilege on the table along with the INSERT privilege if the table is on a remote database. |
REFERENCES |
Create a constraint that refers to the table. You cannot grant this privilege to a role. |
SELECT |
Query the table with the SELECT statement. |
UPDATE |
Change data in the table with the UPDATE statement. Note: You must grant the SELECT privilege on the table along with the UPDATE privilege if the table is on a remote database. |
VIEW PRIVILEGES |
The following view privileges authorize operations on a view. Any one of the following object privileges allows the grantee to lock the view in any lock mode with the LOCK TABLE statement. To grant a privilege on a view, you must have that privilege with the GRANT OPTION on all of the base tables of the view. |
DEBUG |
Access, through a debugger:
|
DELETE |
Remove rows from the view with the DELETE statement. |
INSERT |
Add new rows to the view with the INSERT statement. |
MERGE VIEW |
This object privilege has the same behavior as the system privilege , except that the privilege is limited to the views specified in the ON clause. For any query issued by the grantee on the specified views, the optimizer can use view merging to improve query performance without performing the checks that would otherwise be performed to ensure that view merging does not violate any security intentions of the view creator. |
REFERENCES |
Define foreign key constraints on the view. |
SELECT |
Query the view with the SELECT statement. See Also: for additional information on granting this object privilege on a view |
UNDER |
Create a subview under this view. You can grant this object privilege only if you have the UNDERANY VIEW privilege WITH GRANT OPTION on the immediate superview of this view. |
UPDATE |
Change data in the view with the UPDATE statement. |
About Me
.............................................................................................................................................
● 本文作者:小麥苗,部分內容整理自網路,若有侵權請聯絡小麥苗刪除
● 本文在itpub(http://blog.itpub.net/26736162/abstract/1/)、部落格園(http://www.cnblogs.com/lhrbest)和個人微信公眾號(xiaomaimiaolhr)上有同步更新
● 本文itpub地址:http://blog.itpub.net/26736162/abstract/1/
● 本文部落格園地址:http://www.cnblogs.com/lhrbest
● 本文pdf版、個人簡介及小麥苗雲盤地址:http://blog.itpub.net/26736162/viewspace-1624453/
● 資料庫筆試面試題庫及解答:http://blog.itpub.net/26736162/viewspace-2134706/
● DBA寶典今日頭條號地址:
.............................................................................................................................................
● QQ群號:230161599(滿)、618766405
● 微信群:可加我微信,我拉大家進群,非誠勿擾
● 聯絡我請加QQ好友(646634621),註明新增緣由
● 於 2017-11-01 09:00 ~ 2017-11-30 22:00 在魔都完成
● 文章內容來源於小麥苗的學習筆記,部分整理自網路,若有侵權或不當之處還請諒解
● 版權所有,歡迎分享本文,轉載請保留出處
.............................................................................................................................................
● 小麥苗的微店:
● 小麥苗出版的資料庫類叢書:http://blog.itpub.net/26736162/viewspace-2142121/
.............................................................................................................................................
使用微信客戶端掃描下面的二維碼來關注小麥苗的微信公眾號(xiaomaimiaolhr)及QQ群(DBA寶典),學習最實用的資料庫技術。
小麥苗的微信公眾號 小麥苗的DBA寶典QQ群2 《DBA筆試面寶典》讀者群 小麥苗的微店
.............................................................................................................................................
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26736162/viewspace-2147935/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Oracle的物件許可權、角色許可權、系統許可權Oracle物件
- 角色許可權(Role)和系統許可權(System)的幾個澄清實驗
- Oracle 使用者、物件許可權、系統許可權Oracle物件
- 系統許可權傳遞和物件許可權傳遞的測試物件
- Android系統許可權和root許可權Android
- Oracle資料庫的系統和物件許可權Oracle資料庫物件
- 系統許可權 GRANT ANY OBJECT PRIVILEGE的作用!Object
- 系統,物件,角色許可權簡析物件
- 檢視角色裡包含的系統許可權、物件許可權和角色物件
- 系統、角色、物件相關許可權字典物件
- oracle物件與系統許可權小測Oracle物件
- 許可權系統:一文搞懂功能許可權、資料許可權
- MySQL許可權系統MySql
- Oracle系統許可權Oracle
- 擁有GRANT ANY OBJECT PRIVILEGE許可權時的許可權回收Object
- 許可權系統:許可權應用服務設計
- mongodb 的許可權系統MongoDB
- 【JavaWeb】許可權管理系統JavaWeb
- 有贊許可權系統
- Android系統許可權Android
- 許可權系統設計
- 許可權系統跟進
- 許可權系統:6個許可權概念模型設計模型
- 許可權系統:許可權應用服務設計Tu
- 自定義許可權物件物件
- 物件許可權的回收物件
- 命令列生成Dcat許可權列表命令列
- 許可權維持專題:作業系統許可權維持作業系統
- 企業許可權管理系統
- Winner許可權管理系統3.0
- MySQL許可權系統簡介MySql
- 通用許可權系統介紹
- 許可權系統概要(收集,整理)
- Mysql存取許可權系統(轉)MySql
- 如果得知無許可權的 Authorization ObjectObject
- linux 檔案許可權 s 許可權和 t 許可權解析Linux
- 作業系統---IO許可權管理和敏感指令作業系統
- 許可權系統的基本概念和架構架構