| Advisor Framework Privileges: All of the advisor framework privileges are part of the DBA role. |
ADVISOR |
Access the advisor framework through PL/SQL packages such as DBMS_ADVISOR and DBMS_SQLTUNE. |
ADMINISTER SQL TUNING SET |
Create, drop, select (read), load (write), and delete a SQL tuning set owned by the grantee through the DBMS_SQLTUNE package |
ADMINISTER ANY SQL TUNING SET |
Create, drop, select (read), load (write), and delete a SQL tuning set owned by any user through the DBMS_SQLTUNE package |
CREATE ANY SQL PROFILE |
Accept a SQL Profile recommended by the SQL Tuning Advisor, which is accessed through Enterprise Manager or by the DBMS_SQLTUNE package. |
DROP ANY SQL PROFILE |
Drop an existing SQL Profile |
ALTER ANY SQL PROFILE |
Alter the attributes of an existing SQL Profile |
| CLUSTERS: |
CREATE CLUSTER |
Create clusters in the grantee's schema |
CREATE ANY CLUSTER |
Create a cluster in any schema. Behaves similarly to CREATE ANY TABLE. |
ALTER ANY CLUSTER |
Alter clusters in any schema |
DROP ANY CLUSTER |
Drop clusters in any schema |
| CONTEXTS: |
CREATE ANY CONTEXT |
Create any context namespace |
DROP ANY CONTEXT |
Drop any context namespace |
| DATABASE: |
ALTER DATABASE |
Alter the database |
ALTER SYSTEM |
Issue ALTER SYSTEM statements |
AUDIT SYSTEM |
Issue AUDIT statements |
| DATABASE LINKS: |
CREATE DATABASE LINK |
Create private database links in the grantee's schema |
CREATE PUBLIC DATABASE LINK |
Create public database links |
DROP PUBLIC DATABASE LINK |
Drop public database links |
| DEBUGGING: |
DEBUG CONNECT SESSION |
Connect the current session to a debugger. |
DEBUG ANY PROCEDURE |
Debug all PL/SQL and Java code in any database object. Display information on all SQL statements executed by the application.
Note: Granting this privilege is equivalent to granting the DEBUG object privilege on all applicable objects in the database. |
| DIMENSIONS: |
CREATE DIMENSION |
Create dimensions in the grantee's schema |
CREATE ANY DIMENSION |
Create dimensions in any schema |
ALTER ANY DIMENSION |
Alter dimensions in any schema |
DROP ANY DIMENSION |
Drop dimensions in any schema |
| DIRECTORIES |
CREATE ANY DIRECTORY |
Create directory database objects |
DROP ANY DIRECTORY |
Drop directory database objects |
| INDEXTYPES: |
CREATE INDEXTYPE |
Create an indextype in the grantee's schema |
CREATE ANY INDEXTYPE |
Create an indextype in any schema |
ALTER ANY INDEXTYPE |
Modify indextypes in any schema |
DROP ANY INDEXTYPE |
Drop an indextype in any schema |
EXECUTE ANY INDEXTYPE |
Reference an indextype in any schema |
| INDEXES: |
CREATE ANY INDEX |
Create in any schema a domain index or an index on any table in any schema |
ALTER ANY INDEX |
Alter indexes in any schema |
DROP ANY INDEX |
Drop indexes in any schema |
| JOB SCHEDULER OBJECTS: |
The following privileges are needed to execute procedures in the DBMS_SCHEDULER package. |
CREATE JOB |
Create jobs, schedules, or programs in the grantee's schema |
CREATE ANY JOB |
Create, alter, or drop jobs, schedules, or programs in any schema
Note: This extremely powerful privilege allows the grantee to execute code as any other user. It should be granted with caution. |
EXECUTE ANY PROGRAM |
Use any program in a job in the grantee's schema |
EXECUTE ANY CLASS |
Specify any job class in a job in the grantee's schema |
MANAGE SCHEDULER |
Create, alter, or drop any job class, window, or window group |
| LIBRARIES: |
CREATE LIBRARY |
Create external procedure or function libraries in the grantee's schema |
CREATE ANY LIBRARY |
Create external procedure or function libraries in any schema |
DROP ANY LIBRARY |
Drop external procedure or function libraries in any schema |
| MATERIALIZED VIEWS: |
CREATE MATERIALIZED VIEW |
Create a materialized view in the grantee's schema |
CREATE ANY MATERIALIZED VIEW |
Create materialized views in any schema |
ALTER ANY MATERIALIZED VIEW |
Alter materialized views in any schema |
DROP ANY MATERIALIZED VIEW |
Drop materialized views in any schema |
QUERY REWRITE |
This privilege has been deprecated. No specify privileges are needed for a user to enable rewrite for a materialized view that references tables or views in the user's own schema. |
GLOBAL QUERY REWRITE |
Enable rewrite using a materialized view when that materialized view references tables or views in any schema |
ON COMMIT REFRESH |
Create a refresh-on-commit materialized view on any table in the database
Alter a refresh-on-demand materialized on any table in the database to refresh-on-commit |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
| OPERATORS: |
CREATE OPERATOR |
Create an operator and its bindings in the grantee's schema |
CREATE ANY OPERATOR |
Create an operator and its bindings in any schema |
ALTER ANY OPERATOR |
Modify an operator in any schema |
DROP ANY OPERATOR |
Drop an operator in any schema |
EXECUTE ANY OPERATOR |
Reference an operator in any schema |
| OUTLINES: |
CREATE ANY OUTLINE |
Create public outlines that can be used in any schema that uses outlines |
ALTER ANY OUTLINE |
Modify outlines |
DROP ANY OUTLINE |
Drop outlines |
| PROCEDURES: |
CREATE PROCEDURE |
Create stored procedures, functions, and packages in the grantee's schema |
CREATE ANY PROCEDURE |
Create stored procedures, functions, and packages in any schema |
ALTER ANY PROCEDURE |
Alter stored procedures, functions, or packages in any schema |
DROP ANY PROCEDURE |
Drop stored procedures, functions, or packages in any schema |
EXECUTE ANY PROCEDURE |
Execute procedures or functions, either standalone or packaged
Reference public package variables in any schema |
| PROFILES: |
CREATE PROFILE |
Create profiles |
ALTER PROFILE |
Alter profiles |
DROP PROFILE |
Drop profiles |
| ROLES: |
CREATE ROLE |
Create roles |
ALTER ANY ROLE |
Alter any role in the database |
DROP ANY ROLE |
Drop roles |
GRANT ANY ROLE |
Grant any role in the database |
| ROLLBACK SEGMENTS: |
CREATE ROLLBACK SEGMENT |
Create rollback segments |
ALTER ROLLBACK SEGMENT |
Alter rollback segments |
DROP ROLLBACK SEGMENT |
Drop rollback segments |
| SEQUENCES: |
CREATE SEQUENCE |
Create sequences in the grantee's schema |
CREATE ANY SEQUENCE |
Create sequences in any schema |
ALTER ANY SEQUENCE |
Alter any sequence in the database |
DROP ANY SEQUENCE |
Drop sequences in any schema |
SELECT ANY SEQUENCE |
Reference sequences in any schema |
| SESSIONS: |
CREATE SESSION |
Connect to the database |
ALTER RESOURCE COST |
Set costs for session resources |
ALTER SESSION |
Issue ALTER SESSION statements |
RESTRICTED SESSION |
Logon after the instance is started using the SQL*Plus STARTUP RESTRICT statement |
| SNAPSHOTS: See MATERIALIZED VIEWS |
| SYNONYMS: |
CREATE SYNONYM |
Create synonyms in the grantee's schema |
CREATE ANY SYNONYM |
Create private synonyms in any schema |
CREATE PUBLIC SYNONYM |
Create public synonyms |
DROP ANY SYNONYM |
Drop private synonyms in any schema |
DROP PUBLIC SYNONYM |
Drop public synonyms |
| TABLES:
Note: For external tables, the only valid privileges are CREATE ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE, and SELECT ANY TABLE. |
CREATE TABLE |
Create tables in the grantee's schema |
CREATE ANY TABLE |
Create tables in any schema. The owner of the schema containing the table must have space quota on the tablespace to contain the table. |
ALTER ANY TABLE |
Alter any table or view in any schema |
BACKUP ANY TABLE |
Use the Export utility to incrementally export objects from the schema of other users |
DELETE ANY TABLE |
Delete rows from tables, table partitions, or views in any schema |
DROP ANY TABLE |
Drop or truncate tables or table partitions in any schema |
INSERT ANY TABLE |
Insert rows into tables and views in any schema |
LOCK ANY TABLE |
Lock tables and views in any schema |
SELECT ANY TABLE |
Query tables, views, or materialized views in any schema |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
UPDATE ANY TABLE |
Update rows in tables and views in any schema |
| TABLESPACES: |
CREATE TABLESPACE |
Create tablespaces |
ALTER TABLESPACE |
Alter tablespaces |
DROP TABLESPACE |
Drop tablespaces |
MANAGE TABLESPACE |
Take tablespaces offline and online and begin and end tablespace backups |
UNLIMITED TABLESPACE |
Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If you revoke this privilege from a user, then the user's schema objects remain but further tablespace allocation is denied unless authorized by specific tablespace quotas. You cannot grant this system privilege to roles. |
| TRIGGERS: |
CREATE TRIGGER |
Create a database trigger in the grantee's schema |
CREATE ANY TRIGGER |
Create database triggers in any schema |
ALTER ANY TRIGGER |
Enable, disable, or compile database triggers in any schema |
DROP ANY TRIGGER |
Drop database triggers in any schema |
ADMINISTER DATABASE TRIGGER |
Create a trigger on DATABASE. You must also have the CREATE TRIGGER or CREATE ANY TRIGGER system privilege. |
| TYPES: |
CREATE TYPE |
Create object types and object type bodies in the grantee's schema |
CREATE ANY TYPE |
Create object types and object type bodies in any schema |
ALTER ANY TYPE |
Alter object types in any schema |
DROP ANY TYPE |
Drop object types and object type bodies in any schema |
EXECUTE ANY TYPE |
Use and reference object types and collection types in any schema, and invoke methods of an object type in any schema if you make the grant to a specific user. If you grant EXECUTE ANY TYPE to a role, then users holding the enabled role will not be able to invoke methods of an object type in any schema. |
UNDER ANY TYPE |
Create subtypes under any nonfinal object types. |
| USERS: |
CREATE USER |
Create users. This privilege also allows the creator to:
-
Assign quotas on any tablespace
-
Set default and temporary tablespaces
-
Assign a profile as part of a CREATE USER statement |
ALTER USER |
Alter any user. This privilege authorizes the grantee to:
-
Change another user's password or authentication method
-
Assign quotas on any tablespace
-
Set default and temporary tablespaces
-
Assign a profile and default roles |
DROP USER |
Drop users |
| VIEWS: |
CREATE VIEW |
Create views in the grantee's schema |
CREATE ANY VIEW |
Create views in any schema |
DROP ANY VIEW |
Drop views in any schema |
UNDER ANY VIEW |
Create subviews under any object views |
FLASHBACK ANY TABLE |
Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures. |
| MISCELLANEOUS: |
ANALYZE ANY |
Analyze any table, cluster, or index in any schema |
AUDIT ANY |
Audit any object in any schema using AUDIT schema_objects statements |
COMMENT ANY TABLE |
Comment on any table, view, or column in any schema |
EXEMPT ACCESS POLICY |
Bypass fine-grained access control
Caution: This is a very powerful system privilege, as it lets the grantee bypass application-driven security policies. Database administrators should use caution when granting this privilege. |
FORCE ANY TRANSACTION |
Force the commit or rollback of any in-doubt distributed transaction in the local database
Induce the failure of a distributed transaction |
FORCE TRANSACTION |
Force the commit or rollback of the grantee's in-doubt distributed transactions in the local database |
GRANT ANY OBJECT PRIVILEGE |
Grant any object privilege
Revoke any object privilege that was granted by the object owner or by some other user with the GRANT ANY OBJECT PRIVILEGE privilege |
GRANT ANY PRIVILEGE |
Grant any system privilege |
RESUMABLE |
Enable resumable space allocation |
SELECT ANY DICTIONARY |
Query any data dictionary object in the SYS schema. This privilege lets you selectively override the default FALSE setting of the O7_DICTIONARY_ACCESSIBILITY initialization parameter. |
SYSDBA |
Perform STARTUP and SHUTDOWN operations
ALTER DATABASE: open, mount, back up, or change character set
CREATE DATABASE
ARCHIVELOG and RECOVERY
CREATE SPFILE
Includes the RESTRICTED SESSION privilege |
SYSOPER |
Perform STARTUP and SHUTDOWN operations
ALTER DATABASE: open, mount, or back up
ARCHIVELOG and RECOVERY
CREATE SPFILE
Includes the RESTRICTED SESSION privilege |
CONNECT, RESOURCE, and DBA |
These roles are provided for compatibility with previous versions of Oracle Database. You can determine the privileges encompassed by these roles by querying the DBA_SYS_PRIVS data dictionary view.
Note: Oracle recommends that you design your own roles for database security rather than relying on these roles. These roles may not be created automatically by future versions of Oracle Database. |
DELETE_CATALOG_ROLE EXECUTE_CATALOG_ROLE SELECT_CATALOG_ROLE |
These roles are provided for accessing data dictionary views and packages. |
EXP_FULL_DATABASE
IMP_FULL_DATABASE |
These roles are provided for convenience in using the import and export utilities. |
AQ_USER_ROLE
AQ_ADMINISTRATOR_ROLE |
You need these roles to use Oracle Advanced Queuing. |
SNMPAGENT |
This role is used by the Enterprise Manager Intelligent Agent. |
RECOVERY_CATALOG_OWNER |
You need this role to create a user who owns a recovery catalog. |
