Table 18-1 System Privileges (Organized by the Database Object Operated Upon)
‘System Privilege Name
Advisor Framework Privileges: All of the
advisor framework privileges are part of the DBA
role.
ADVISOR
ADMINISTER SQL TUNING SET
ADMINISTER ANY SQL TUNING SET
CREATE ANY SQL PROFILE
ALTER ANY SQL PROFILE
DROP ANY SQL PROFILE
ADMINISTER SQL MANAGEMENT OBJECT
ANALYTIC VIEWS
CREATE ANALYTIC VIEW
CREATE ANY ANALYTIC VIEW
ALTER ANY ANALYTIC VIEW
DROP ANY ANALYTIC VIEW
ATTRIBUTE DIMENSIONS
CREATE ATTRIBUTE DIMENSION
CREATE ANY ATTRIBUTE DIMENSION
ALTER ANY ATTRIBUTE DIMENSION
DROP ANY ATTRIBUTE DIMENSION
CLUSTERS:
CREATE CLUSTER
CREATE ANY CLUSTER
ALTER ANY CLUSTER
DROP ANY CLUSTER
CONTEXTS:
CREATE ANY CONTEXT
DROP ANY CONTEXT
DATA REDACTION:
EXEMPT REDACTION POLICY
DATABASE:
ALTER DATABASE
ALTER SYSTEM
AUDIT SYSTEM
DATABASE LINKS:
CREATE DATABASE LINK
CREATE PUBLIC DATABASE LINK
ALTER DATABASE LINK
ALTER PUBLIC DATABASE LINK
DROP PUBLIC DATABASE LINK
DEBUGGING:
DEBUG CONNECT SESSION
DEBUG ANY PROCEDURE
DICTIONARIES:
ANALYZE ANY DICTIONARY
DIMENSIONS:
CREATE DIMENSION
CREATE ANY DIMENSION
ALTER ANY DIMENSION
DROP ANY DIMENSION
DIRECTORIES:
CREATE ANY DIRECTORY
DROP ANY DIRECTORY
EDITIONS:
CREATE ANY EDITION
DROP ANY EDITION
FLASHBACK DATA ARCHIVES:
FLASHBACK ARCHIVE ADMINISTER
HIERARCHIES
CREATE HIERARCHY
CREATE ANY HIERARCHY
ALTER ANY HIERARCHY
DROP ANY HIERARCHY
INDEXES:
CREATE ANY INDEX
ALTER ANY INDEX
DROP ANY INDEX
INDEXTYPES:
CREATE INDEXTYPE
CREATE ANY INDEXTYPE,
ALTER ANY INDEXTYPE
DROP ANY INDEXTYPE
EXECUTE ANY INDEXTYPE
JOB SCHEDULER OBJECTS:
CREATE JOB
CREATE ANY JOB
CREATE EXTERNAL JOB
EXECUTE ANY CLASS
EXECUTE ANY PROGRAM
MANAGE SCHEDULER
USE ANY JOB RESOURCE
KEY MANAGEMENT FRAMEWORK:
ADMINISTER KEY MANAGEMENT
LIBRARIES:
CREATE LIBRARY
CREATE ANY LIBRARY
ALTER ANY LIBRARY
DROP ANY LIBRARY
EXECUTE ANY LIBRARY
LOGMINER:
LOGMINING
MATERIALIZED VIEWS:
CREATE MATERIALIZED VIEW
CREATE ANY MATERIALIZED VIEW
ALTER ANY MATERIALIZED VIEW
DROP ANY MATERIALIZED VIEW
QUERY REWRITE
GLOBAL QUERY REWRITE.
ON COMMIT REFRESH
FLASHBACK ANY TABLE
MINING MODELS:
CREATE MINING MODEL
CREATE ANY MINING MODEL.
ALTER ANY MINING MODEL
DROP ANY MINING MODEL
SELECT ANY MINING MODEL
COMMENT ANY MINING MODEL
OLAP CUBES:
CREATE CUBE
CREATE ANY CUBE
ALTER ANY CUBE
DROP ANY CUBE
SELECT ANY CUBE
UPDATE ANY CUBE
OLAP CUBE MEASURE FOLDERS:
CREATE MEASURE FOLDER
CREATE ANY MEASURE FOLDER
DELETE ANY MEASURE FOLDER
DROP ANY MEASURE FOLDER
INSERT ANY MEASURE FOLDER
OLAP CUBE DIMENSIONS:
CREATE CUBE DIMENSION
CREATE ANY CUBE DIMENSION
ALTER ANY CUBE DIMENSION
DELETE ANY CUBE DIMENSION
DROP ANY CUBE DIMENSION
INSERT ANY CUBE DIMENSION
SELECT ANY CUBE DIMENSION
UPDATE ANY CUBE DIMENSION
OLAP CUBE BUILD PROCESSES:
CREATE CUBE BUILD PROCESS
CREATE ANY CUBE BUILD PROCESS
DROP ANY CUBE BUILD PROCESS
UPDATE ANY CUBE BUILD PROCESS
OPERATORS:
CREATE OPERATOR
CREATE ANY OPERATOR
ALTER ANY OPERATOR
DROP ANY OPERATOR
EXECUTE ANY OPERATOR
OUTLINES:
CREATE ANY OUTLINE
ALTER ANY OUTLINE
DROP ANY OUTLINE
PDB LOCKDOWN PROFILES:
CREATE LOCKDOWN PROFILE
ALTER LOCKDOWN PROFILE
DROP LOCKDOWN PROFILE
PLAN MANAGEMENT:
ADMINISTER SQL MANAGEMENT OBJECT
PLUGGABLE DATABASES:
CREATE PLUGGABLE DATABASE
‘SET CONTAINER
PROCEDURES:
CREATE PROCEDURE
CREATE ANY PROCEDURE.
ALTER ANY PROCEDURE
DROP ANY PROCEDURE
EXECUTE ANY PROCEDURE
INHERIT ANY REMOTE PRIVILEGES
PROFILES:
CREATE PROFILE
ALTER PROFILE
DROP PROFILE
ROLES:
CREATE ROLE
ALTER ANY ROLE
DROP ANY ROLE
Operations Authorized
Lechuga Ortega Jesus Alejandro
7CM13
‘Access the advisor framework through PL/SQL packages such as,
DBMS_ADVISOR and DBMS_SQLTUNE.
Create, drop, select (read), load (write), and delete SQL tuning sets
‘owned by the grantee through the DBMS_SQLTUNE package.
Create, drop, select (read), load (write), and delete SQL tuning sets
owned by any user through the DBMS_SQLTUNE package.
Accept a SQL Profile recommended by the SQL Tuning Advisor,
which is accessed through Enterprise Manager or by the
DBMS_SQLTUNE package.
Note: This privilege has been deprecated in favor of ADMINISTER
‘SQL MANAGEMENT OBJECT.
Alter the attributes of an existing SQL Profile.
Note: This privilege has been deprecated in favor of ADMINISTER
‘SQL MANAGEMENT OBJECT.
Drop existing SQL Profiles.
Note: This privilege has been deprecated in favor of ADMINISTER
‘SQL MANAGEMENT OBJECT.
Create, alter, and drop SQL Profiles owned by any user through the
DBMS_SQLTUNE package.
Create analytic views in the grantee's schema.
Create analytic views in any schema except SYS, AUDSYS.
Rename analytic views in any schema except SYS, AUDSYS.
Drop analytic views in any schema except SYS, AUDSYS .
Create attribute dimensions in the grantee's schema.
Create attribute dimensions in any schema except SYS, AUDSYS.
Rename attribute dimensions in any schema except SYS, AUDSYS.
Drop attribute dimensions in any schema except SYS, AUDSYS.
Create clusters in the grantee's schema.
Create clusters in any schema except SYS, AUDSYS. Behaves
similarly to CREATE ANY TABLE.
Alter clusters in any schema except SYS, AUDSYS.
Drop clusters in any schema except SYS, AUDSYS.
Create any context namespace.
Drop any context namespace.
Bypass any existing Oracle Data Redaction policies and view actual
data from tables or views on which Data Redaction policies are
defined.
Alter the database.
Issue ALTER SYSTEM statements.
Issue AUDIT statements.
Create private database links in the grantee's schema.
Create public database links.
Modify a fixed-user database link when the password of the
connection or authentication user changes.
Modify a public fixed-user database link when the password of the
connection or authentication user changes.
Drop public database links.
Connect the current session to a debugger.
Debug all PL/SQL and Java code in any database object. Display
information on all SQL statements executed by the application.
Note: Granting this privilege is equivalent to granting the DEBUG
object privilege on all applicable objects in the database.
Analyze any data dictionary object.
Create dimensions in the grantee's schema.
Create dimensions in any schema except SYS, AUDSYS.
Alter dimensions in any schema except SYS, AUDSYS.
Drop dimensions in any schema except SYS, AUDSYS.
Create directory database objects.
Drop directory database objects.
Create editions.
Drop editions.
Create, ater, or drop any flashback data archive.
Create hierarchies in the grantee's schema.
Create hierarchies in any schema except SYS, AUDSYS.
Rename hierarchies in any schema except SYS, AUDSYS.
Drop hierarchies in any schema except SYS, AUDSYS.
Create in any schema, except SYS, AUDSYS, a domain index or an
index on any table in any schema except SYS, AUDSYS.
Allter indexes in any schema except SYS, AUDSYS.
Drop indexes in any schema except SYS, AUDSYS.
Create indextypes in the grantee's schema.
Create indextypes in any schema except SYS and create comments
‘on indextypes in any schema except SYS.
Modify indextypes in any schema except SYS, AUDSYS.
Drop indextypes in any schema except SYS, AUDSYS.
Reference indextypes in any schema except SYS, AUDSYS.
The following privileges are needed to execute procedures in the
DBMS_SCHEDULER package. This privileges do not apply to
lightweight jobs, which are not database objects. Refer to Oracle
Database Administrator's Guide for more information about
lightweight jobs.
Create, ater, or drop jobs, chains, schedules, programs, credentials,
resource objects, or incompatibility resource objects in the grantee’s
schema.
Create, alter, or drop jobs, chains, schedules, programs, credentials,
resource objects, or incompatibility resource objects in any schema
‘except SYS, AUDSYS.
Note: This extremely powerful privilege allows the grantee to
execute code as any other user. It should be granted with caution.
Create in the grantee's schema an executable scheduler job that
runs on the operating system.
‘Specify any job class in a job in the grantee's schema.
Use any program in ajob in the grantee’s schema,
Create, alter, or drop any job class, window, or window group.
Associate any schedule resource object with any program or job in
the grantee’s schema.
Manage keys and keystores.
Caution: CREATE LIBARARY, CREATE ANY LIBRARY, ALTER ANY
LIBRARY, and EXECUTE ANY LIBRARY are extremely powerful
privileges that should be granted only to trusted users. Refer to
Oracle Database Security Guide before granting these privileges.
Create external procedure or function libraries in the grantee's
schema.
Create external procedure or function libraries in any schema except
SYS, AUDSYS.
Alter external procedure or function libraries in any schema except
SYS, AUDSYS.
Drop external procedure or function libraries in any schema except
SYS, AUDSYS.
Use external procedure or function libraries in any schema except
SYS, AUDSYS.
Execute procedures in the DBMS_LOGHNR package in a CDB. Query
the contents of the VSLOGMNR_CONTENTS view.
Create materialized views in the grantee's schema.
Create materialized views in any schema except SYS, AUDSYS.
Alter materialized views in any schema except SYS, AUDSYS.
Drop materialized views in any schema except SYS, AUDSYS.
This privilege has been deprecated. No privileges are needed for a
user to enable rewrite for a materialized view that references tables
or views in the user's own schema,
Enable rewrite using a materialized view when that materialized view
references tables or views in any schema except SYS.
Create a refresh-on-commit materialized view on any table in the
database.
Alter a refresh-on-demand materialized view on any table in the
database to refresh-on-commit.
Issue a SQL Flashback Query on any table, view, or materialized view
in any schema except SYS. This privilege is not needed to execute
‘the DBMS_FLASHBACK procedures.
Create mining models in the grantee's schema using the
DBMS_DATA_MINING.CREATE_MODEL procedure.
Create mining models in any schema, except SYS, AUDSYS, using the
DBNS_DATA_MINING. CREATE_MODEL procedure.
Change the mining model name or the associated cost matrix of a
model in any schema, except SYS, AUDSYS, using the applicable
DBMS_DATA_MINING procedures.
Drop mining models in any schema, except SYS, AUDSYS, using the
DBMS_DATA_MINING.DROP_MODEL procedure.
‘Score or view mining models in any schema except SYS, AUDSYS.
Scoringis done either with the PREDICTION family of SQL functions
or with the DBMS_DATA_MINING. APPLY procedure. Viewing the
model is done with the
DBMS_DATA_MINING.GET_MODEL_DETAILS_* procedures.
Create comments on mining models in any schema, except SYS,
AUDSYS, using the SQL COMMENT statement.
The following privileges are valid when you are using Oracle
Database with the OLAP option.
Create OLAP cubes in the grantee’s schema.
Create OLAP cubes in any schema except SYS, AUDSYS.
Alter OLAP cubes in any schema except SYS, AUDSYS.
Drop OLAP cubes in any schema except SYS, AUDSYS.
‘Query or view OLAP cubes in any schema except SYS, AUDSYS.
Update OLAP cubes in any schema except SYS, AUDSYS.
The following privileges are valid when you are using Oracle
Database with the OLAP option.
Create OLAP measure folders in the grantee's schema.
Create OLAP measure folders in any schemia except SYS, AUDSYS.
Delete a measure from an OLAP measure folder in any schema
except SYS, AUDSYS.
Drop OLAP measure folders in any schema except SYS, AUDSYS.
Insert a measure into an OLAP measure folder in any schema except
SYS, AUDSYS.
The following privileges are valid when you are using Oracle
Database with the OLAP option.
Create OLAP cube dimension in the grantee's schema.
Create OLAP cube dimensions in any schema except SYS, AUDSYS.
Alter OLAP cube dimensions in any schema except SYS, AUDSYS.
Delete from OLAP cube dimensions in any schema except SYS,
AUDSYS.
Drop OLAP cube dimensions in any schema except SYS, AUDSYS.
Insert into OLAP cube dimensions in any schema except
SYS, AUDSYS.
View or query OLAP cube dimensions in any schema except
SYS, AUDSYS.
Update OLAP cube dimensions in any schema except SYS, AUDSYS.
Create OLAP cube build processes in the grantee's schema.
Create OLAP cube build processes in any schema except
SYS, AUDSYS.
Drop OLAP cube build processes in any schema except
SYS, AUDSYS.
Update OLAP cube build processes in any schema except
SYS, AUDSYS.
Create an operator and its bindings in the grantee's schema.
Create an operator and its bindings in any schema and create a
‘comment on an operator in any schema,
Modify operators in any schema.
Drop operators in any schema.
Reference operators in any schema.
Create public outlines that can be used in any schema that uses
outlines.
Modify outlines.
Drop outlines.
Create PDB lockdown profiles.
Alter PDB lockdown profiles.
Drop PDB lockdown profiles.
Perform controlled manipulation of plan history and SOL plan
baselines maintained for various SQL statements.
Create a PDB.
Plug in a PDB that was previously unplugged from a CDB.
Clone a PDB.
Allow a common user to switch into the container for which this
privilege was granted. This privilege can be granted only toa
‘common user or common role.
Create stored procedures, functions, or packages in the grantee's
schema.
Create stored procedures, functions, or packages in any schema
‘except SYS, AUDSYS.
Allter stored procedures, functions, or packages in any schema
except SYS, AUDSYS.
Drop stored procedures, functions, or packages in any schema
except SYS, AUDSYS.
Execute procedures or functions, either standalone or packaged.
Reference public package variables in any schema except
SYS, AUDSYS.
Execute definer’s rights procedures or functions that contain
current user database links.
Create profiles.
Alter profiles.
Drop profiles.
Create roles.
Alter any role in the database.
Drop roles.