Table 18-1 System Privileges (Organized by the Database Object Operated Upon) ‘System Privilege Name Advisor Framework Privileges: All of the advisor framework privileges are part of the DBA role. ADVISOR ADMINISTER SQL TUNING SET ADMINISTER ANY SQL TUNING SET CREATE ANY SQL PROFILE ALTER ANY SQL PROFILE DROP ANY SQL PROFILE ADMINISTER SQL MANAGEMENT OBJECT ANALYTIC VIEWS CREATE ANALYTIC VIEW CREATE ANY ANALYTIC VIEW ALTER ANY ANALYTIC VIEW DROP ANY ANALYTIC VIEW ATTRIBUTE DIMENSIONS CREATE ATTRIBUTE DIMENSION CREATE ANY ATTRIBUTE DIMENSION ALTER ANY ATTRIBUTE DIMENSION DROP ANY ATTRIBUTE DIMENSION CLUSTERS: CREATE CLUSTER CREATE ANY CLUSTER ALTER ANY CLUSTER DROP ANY CLUSTER CONTEXTS: CREATE ANY CONTEXT DROP ANY CONTEXT DATA REDACTION: EXEMPT REDACTION POLICY DATABASE: ALTER DATABASE ALTER SYSTEM AUDIT SYSTEM DATABASE LINKS: CREATE DATABASE LINK CREATE PUBLIC DATABASE LINK ALTER DATABASE LINK ALTER PUBLIC DATABASE LINK DROP PUBLIC DATABASE LINK DEBUGGING: DEBUG CONNECT SESSION DEBUG ANY PROCEDURE DICTIONARIES: ANALYZE ANY DICTIONARY DIMENSIONS: CREATE DIMENSION CREATE ANY DIMENSION ALTER ANY DIMENSION DROP ANY DIMENSION DIRECTORIES: CREATE ANY DIRECTORY DROP ANY DIRECTORY EDITIONS: CREATE ANY EDITION DROP ANY EDITION FLASHBACK DATA ARCHIVES: FLASHBACK ARCHIVE ADMINISTER HIERARCHIES CREATE HIERARCHY CREATE ANY HIERARCHY ALTER ANY HIERARCHY DROP ANY HIERARCHY INDEXES: CREATE ANY INDEX ALTER ANY INDEX DROP ANY INDEX INDEXTYPES: CREATE INDEXTYPE CREATE ANY INDEXTYPE, ALTER ANY INDEXTYPE DROP ANY INDEXTYPE EXECUTE ANY INDEXTYPE JOB SCHEDULER OBJECTS: CREATE JOB CREATE ANY JOB CREATE EXTERNAL JOB EXECUTE ANY CLASS EXECUTE ANY PROGRAM MANAGE SCHEDULER USE ANY JOB RESOURCE KEY MANAGEMENT FRAMEWORK: ADMINISTER KEY MANAGEMENT LIBRARIES: CREATE LIBRARY CREATE ANY LIBRARY ALTER ANY LIBRARY DROP ANY LIBRARY EXECUTE ANY LIBRARY LOGMINER: LOGMINING MATERIALIZED VIEWS: CREATE MATERIALIZED VIEW CREATE ANY MATERIALIZED VIEW ALTER ANY MATERIALIZED VIEW DROP ANY MATERIALIZED VIEW QUERY REWRITE GLOBAL QUERY REWRITE. ON COMMIT REFRESH FLASHBACK ANY TABLE MINING MODELS: CREATE MINING MODEL CREATE ANY MINING MODEL. ALTER ANY MINING MODEL DROP ANY MINING MODEL SELECT ANY MINING MODEL COMMENT ANY MINING MODEL OLAP CUBES: CREATE CUBE CREATE ANY CUBE ALTER ANY CUBE DROP ANY CUBE SELECT ANY CUBE UPDATE ANY CUBE OLAP CUBE MEASURE FOLDERS: CREATE MEASURE FOLDER CREATE ANY MEASURE FOLDER DELETE ANY MEASURE FOLDER DROP ANY MEASURE FOLDER INSERT ANY MEASURE FOLDER OLAP CUBE DIMENSIONS: CREATE CUBE DIMENSION CREATE ANY CUBE DIMENSION ALTER ANY CUBE DIMENSION DELETE ANY CUBE DIMENSION DROP ANY CUBE DIMENSION INSERT ANY CUBE DIMENSION SELECT ANY CUBE DIMENSION UPDATE ANY CUBE DIMENSION OLAP CUBE BUILD PROCESSES: CREATE CUBE BUILD PROCESS CREATE ANY CUBE BUILD PROCESS DROP ANY CUBE BUILD PROCESS UPDATE ANY CUBE BUILD PROCESS OPERATORS: CREATE OPERATOR CREATE ANY OPERATOR ALTER ANY OPERATOR DROP ANY OPERATOR EXECUTE ANY OPERATOR OUTLINES: CREATE ANY OUTLINE ALTER ANY OUTLINE DROP ANY OUTLINE PDB LOCKDOWN PROFILES: CREATE LOCKDOWN PROFILE ALTER LOCKDOWN PROFILE DROP LOCKDOWN PROFILE PLAN MANAGEMENT: ADMINISTER SQL MANAGEMENT OBJECT PLUGGABLE DATABASES: CREATE PLUGGABLE DATABASE ‘SET CONTAINER PROCEDURES: CREATE PROCEDURE CREATE ANY PROCEDURE. ALTER ANY PROCEDURE DROP ANY PROCEDURE EXECUTE ANY PROCEDURE INHERIT ANY REMOTE PRIVILEGES PROFILES: CREATE PROFILE ALTER PROFILE DROP PROFILE ROLES: CREATE ROLE ALTER ANY ROLE DROP ANY ROLE Operations Authorized Lechuga Ortega Jesus Alejandro 7CM13 ‘Access the advisor framework through PL/SQL packages such as, DBMS_ADVISOR and DBMS_SQLTUNE. Create, drop, select (read), load (write), and delete SQL tuning sets ‘owned by the grantee through the DBMS_SQLTUNE package. Create, drop, select (read), load (write), and delete SQL tuning sets owned by any user through the DBMS_SQLTUNE package. Accept a SQL Profile recommended by the SQL Tuning Advisor, which is accessed through Enterprise Manager or by the DBMS_SQLTUNE package. Note: This privilege has been deprecated in favor of ADMINISTER ‘SQL MANAGEMENT OBJECT. Alter the attributes of an existing SQL Profile. Note: This privilege has been deprecated in favor of ADMINISTER ‘SQL MANAGEMENT OBJECT. Drop existing SQL Profiles. Note: This privilege has been deprecated in favor of ADMINISTER ‘SQL MANAGEMENT OBJECT. Create, alter, and drop SQL Profiles owned by any user through the DBMS_SQLTUNE package. Create analytic views in the grantee's schema. Create analytic views in any schema except SYS, AUDSYS. Rename analytic views in any schema except SYS, AUDSYS. Drop analytic views in any schema except SYS, AUDSYS . Create attribute dimensions in the grantee's schema. Create attribute dimensions in any schema except SYS, AUDSYS. Rename attribute dimensions in any schema except SYS, AUDSYS. Drop attribute dimensions in any schema except SYS, AUDSYS. Create clusters in the grantee's schema. Create clusters in any schema except SYS, AUDSYS. Behaves similarly to CREATE ANY TABLE. Alter clusters in any schema except SYS, AUDSYS. Drop clusters in any schema except SYS, AUDSYS. Create any context namespace. Drop any context namespace. Bypass any existing Oracle Data Redaction policies and view actual data from tables or views on which Data Redaction policies are defined. Alter the database. Issue ALTER SYSTEM statements. Issue AUDIT statements. Create private database links in the grantee's schema. Create public database links. Modify a fixed-user database link when the password of the connection or authentication user changes. Modify a public fixed-user database link when the password of the connection or authentication user changes. Drop public database links. Connect the current session to a debugger. Debug all PL/SQL and Java code in any database object. Display information on all SQL statements executed by the application. Note: Granting this privilege is equivalent to granting the DEBUG object privilege on all applicable objects in the database. Analyze any data dictionary object. Create dimensions in the grantee's schema. Create dimensions in any schema except SYS, AUDSYS. Alter dimensions in any schema except SYS, AUDSYS. Drop dimensions in any schema except SYS, AUDSYS. Create directory database objects. Drop directory database objects. Create editions. Drop editions. Create, ater, or drop any flashback data archive. Create hierarchies in the grantee's schema. Create hierarchies in any schema except SYS, AUDSYS. Rename hierarchies in any schema except SYS, AUDSYS. Drop hierarchies in any schema except SYS, AUDSYS. Create in any schema, except SYS, AUDSYS, a domain index or an index on any table in any schema except SYS, AUDSYS. Allter indexes in any schema except SYS, AUDSYS. Drop indexes in any schema except SYS, AUDSYS. Create indextypes in the grantee's schema. Create indextypes in any schema except SYS and create comments ‘on indextypes in any schema except SYS. Modify indextypes in any schema except SYS, AUDSYS. Drop indextypes in any schema except SYS, AUDSYS. Reference indextypes in any schema except SYS, AUDSYS. The following privileges are needed to execute procedures in the DBMS_SCHEDULER package. This privileges do not apply to lightweight jobs, which are not database objects. Refer to Oracle Database Administrator's Guide for more information about lightweight jobs. Create, ater, or drop jobs, chains, schedules, programs, credentials, resource objects, or incompatibility resource objects in the grantee’s schema. Create, alter, or drop jobs, chains, schedules, programs, credentials, resource objects, or incompatibility resource objects in any schema ‘except SYS, AUDSYS. Note: This extremely powerful privilege allows the grantee to execute code as any other user. It should be granted with caution. Create in the grantee's schema an executable scheduler job that runs on the operating system. ‘Specify any job class in a job in the grantee's schema. Use any program in ajob in the grantee’s schema, Create, alter, or drop any job class, window, or window group. Associate any schedule resource object with any program or job in the grantee’s schema. Manage keys and keystores. Caution: CREATE LIBARARY, CREATE ANY LIBRARY, ALTER ANY LIBRARY, and EXECUTE ANY LIBRARY are extremely powerful privileges that should be granted only to trusted users. Refer to Oracle Database Security Guide before granting these privileges. Create external procedure or function libraries in the grantee's schema. Create external procedure or function libraries in any schema except SYS, AUDSYS. Alter external procedure or function libraries in any schema except SYS, AUDSYS. Drop external procedure or function libraries in any schema except SYS, AUDSYS. Use external procedure or function libraries in any schema except SYS, AUDSYS. Execute procedures in the DBMS_LOGHNR package in a CDB. Query the contents of the VSLOGMNR_CONTENTS view. Create materialized views in the grantee's schema. Create materialized views in any schema except SYS, AUDSYS. Alter materialized views in any schema except SYS, AUDSYS. Drop materialized views in any schema except SYS, AUDSYS. This privilege has been deprecated. No privileges are needed for a user to enable rewrite for a materialized view that references tables or views in the user's own schema, Enable rewrite using a materialized view when that materialized view references tables or views in any schema except SYS. Create a refresh-on-commit materialized view on any table in the database. Alter a refresh-on-demand materialized view on any table in the database to refresh-on-commit. Issue a SQL Flashback Query on any table, view, or materialized view in any schema except SYS. This privilege is not needed to execute ‘the DBMS_FLASHBACK procedures. Create mining models in the grantee's schema using the DBMS_DATA_MINING.CREATE_MODEL procedure. Create mining models in any schema, except SYS, AUDSYS, using the DBNS_DATA_MINING. CREATE_MODEL procedure. Change the mining model name or the associated cost matrix of a model in any schema, except SYS, AUDSYS, using the applicable DBMS_DATA_MINING procedures. Drop mining models in any schema, except SYS, AUDSYS, using the DBMS_DATA_MINING.DROP_MODEL procedure. ‘Score or view mining models in any schema except SYS, AUDSYS. Scoringis done either with the PREDICTION family of SQL functions or with the DBMS_DATA_MINING. APPLY procedure. Viewing the model is done with the DBMS_DATA_MINING.GET_MODEL_DETAILS_* procedures. Create comments on mining models in any schema, except SYS, AUDSYS, using the SQL COMMENT statement. The following privileges are valid when you are using Oracle Database with the OLAP option. Create OLAP cubes in the grantee’s schema. Create OLAP cubes in any schema except SYS, AUDSYS. Alter OLAP cubes in any schema except SYS, AUDSYS. Drop OLAP cubes in any schema except SYS, AUDSYS. ‘Query or view OLAP cubes in any schema except SYS, AUDSYS. Update OLAP cubes in any schema except SYS, AUDSYS. The following privileges are valid when you are using Oracle Database with the OLAP option. Create OLAP measure folders in the grantee's schema. Create OLAP measure folders in any schemia except SYS, AUDSYS. Delete a measure from an OLAP measure folder in any schema except SYS, AUDSYS. Drop OLAP measure folders in any schema except SYS, AUDSYS. Insert a measure into an OLAP measure folder in any schema except SYS, AUDSYS. The following privileges are valid when you are using Oracle Database with the OLAP option. Create OLAP cube dimension in the grantee's schema. Create OLAP cube dimensions in any schema except SYS, AUDSYS. Alter OLAP cube dimensions in any schema except SYS, AUDSYS. Delete from OLAP cube dimensions in any schema except SYS, AUDSYS. Drop OLAP cube dimensions in any schema except SYS, AUDSYS. Insert into OLAP cube dimensions in any schema except SYS, AUDSYS. View or query OLAP cube dimensions in any schema except SYS, AUDSYS. Update OLAP cube dimensions in any schema except SYS, AUDSYS. Create OLAP cube build processes in the grantee's schema. Create OLAP cube build processes in any schema except SYS, AUDSYS. Drop OLAP cube build processes in any schema except SYS, AUDSYS. Update OLAP cube build processes in any schema except SYS, AUDSYS. Create an operator and its bindings in the grantee's schema. Create an operator and its bindings in any schema and create a ‘comment on an operator in any schema, Modify operators in any schema. Drop operators in any schema. Reference operators in any schema. Create public outlines that can be used in any schema that uses outlines. Modify outlines. Drop outlines. Create PDB lockdown profiles. Alter PDB lockdown profiles. Drop PDB lockdown profiles. Perform controlled manipulation of plan history and SOL plan baselines maintained for various SQL statements. Create a PDB. Plug in a PDB that was previously unplugged from a CDB. Clone a PDB. Allow a common user to switch into the container for which this privilege was granted. This privilege can be granted only toa ‘common user or common role. Create stored procedures, functions, or packages in the grantee's schema. Create stored procedures, functions, or packages in any schema ‘except SYS, AUDSYS. Allter stored procedures, functions, or packages in any schema except SYS, AUDSYS. Drop stored procedures, functions, or packages in any schema except SYS, AUDSYS. Execute procedures or functions, either standalone or packaged. Reference public package variables in any schema except SYS, AUDSYS. Execute definer’s rights procedures or functions that contain current user database links. Create profiles. Alter profiles. Drop profiles. Create roles. Alter any role in the database. Drop roles.