| Privilege | Allows the grantee to ... |
|---|---|
| Cluster privileges | |
| CREATE CLUSTER | create, alter, and drop clusters in the grantee's own schema |
| CREATE ANY CLUSTER | create a new cluster in any schema |
| ALTER ANY SCHEMA | alter clusters in any schema |
| DROP ANY CLUSTER | drop any cluster in any schema |
| Database privileges | |
| ALTER DATABASE | execute ALTER DATABASE statement |
| ALTER SYSTEM | execute ALTER SYSTEM statement |
| AUDIT SYSTEM | execute AUDIT and NOAUDIT statements |
| Index privileges | |
| CREATE ANY INDEX | indexes in any schema |
| ALTER ANY INDEX | alter indexes in any schema |
| DROP ANY INDEX | drop indexes in any schema |
| QUERY REWRITE | enable rewrite using a materialized view, or create a function-based index, when that materialized view or index references tables and views that are in the grantee's own schema |
| GLOBAL QUERY REWRITE | enable rewrite using a materialized view, or create a function-based index, when that materialized view or index references tables or views in any schema |
| Procedure privileges | |
| CREATE PROCEDURE | create, alter, and drop procedures, functions, and packages in the grantee's own schema |
| CREATE ANY PROCEDURE | create new procedures, functions, and packages in any schema |
| ALTER ANY PROCEDURE | alter existing procedures, functions, and packages in any schema |
| DROP ANY PROCEDURE | drop any procedure, function, or package in any schema |
| EXECUTE ANY PROCEDURE | execute or reference procedures in any schema |
| Profile privileges | |
| CREATE PROFILE | create new profiles |
| ALTER PROFILE | alter existing profiles |
| DROP PROFILE | drop profiles from the database |
| Role privileges | |
| CREATE ROLE | create new roles |
| ALTER ANY ROLE | alter any role in the database |
| DROP ANY ROLE | drop roles |
| GRANT ANY ROLE | grant any role in the database |
| Rollback segment privileges | |
| CREATE ROLLBACK SEGMENT | create rollback segments |
| ALTER ROLLBACK SEGMENT | alter rollback segments |
| DROP ROLLBACK SEGMENT | drop rollback segments |
| Sequence privileges | |
| CREATE SEQUENCE | create sequences in grantee's schema |
| CREATE ANY SEQUENCE | create sequences in any schema |
| ALTER ANY SEQUENCE | alter any sequence in the database |
| DROP ANY SEQUENCE | drop sequences in any schema |
| SELECT ANY SEQUENCE | reference sequences in any schema |
| Session privileges | |
| CREATE SESSION | connect to the database |
| ALTER RESOURCE COST | set costs for session resources |
| ALTER SESSION | issue ALTER SESSION statements |
| RESTRICTED SESSION | logon after the instance is started using the SQL*Plus STARTUP RESTRICT statement |
| Synonym privileges | |
| CREATE SYNONYM | create synonyms in grantee's schema |
| CREATE ANY SYNONYM | create private synonyms in any schema |
| CREATE PUBLIC SYNONYM | create public synonyms |
| DROP ANY SYNONYM | drop private synonyms in any schema |
| DROP PUBLIC SYNONYM | drop public synonyms |
| Table privileges | |
| CREATE TABLE | create tables in grantee's schema |
| CREATE ANY TABLE | create tables in any schema. The owner of the schema containing the table must have space quota on the tablespace to contain the table. |
| ALTER ANY TABLE | alter any table or view in any schema |
| BACKUP ANY TABLE | use the Export utility to incrementally export objects from the schema of other users |
| DELETE ANY TABLE | delete rows from tables, table partitions, or views in any schema |
| DROP ANY TABLE | drop or truncate tables or table partitions in any schema |
| INSERT ANY TABLE | insert rows into tables and views in any schema |
| LOCK ANY TABLE | lock tables and views in any schema |
| SELECT ANY TABLE | query tables, views, or materialized views in any schema |
| FLASHBACK ANY TABLE | issue a SQL flashback query on any table, view, or materialized view in any schema. (This privilege is not needed to execute the DBMS_FLASHBACK procedures.) |
| UPDATE ANY TABLE | update rows in tables and views in any schema |
| Tablespace privileges | |
| CREATE TABLESPACE | create tablespaces |
| ALTER TABLESPACE | alter tablespaces |
| DROP TABLESPACE | drop tablespaces |
| MANAGE TABLESPACE | take tablespaces offline and online and begin and end tablespace backups |
| UNLIMITED TABLESPACE | Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If you revoke this privilege from a user, then the user's schema objects remain but further tablespace allocation is denied unless authorized by specific tablespace quotas. You cannot grant this system privilege to roles. |
| User privileges | |
| CREATE USER | |
| ALTER USER |
|
| BECOME USER | become another user. (Required by any user performing a full database import.) |
| DROP USER | drop users |
| View privileges | |
| CREATE VIEW | create views in grantee's schema |
| CREATE ANY VIEW | create views in any schema |
| DROP ANY VIEW | drop views in any schema |
| UNDER ANY VIEW | create subviews under any object views |
| Contexts privileges | |
| CREATE ANY CONTEXT | create any context namespace |
| DROP ANY CONTEXT | drop any context namespace |
| Database links privileges | |
| CREATE DATABASE LINK | create private database links in grantee's schema |
| create public database links | |
| DROP PUBLIC DATABASE LINK | drop public database links |
| Debugging privileges | |
| DEBUG CONNECT SESSION | connect the current session to a debugger that uses the Java Debug Wire Protocol (JDWP). |
| DEBUG ANY PROCEDURE | debug all PL/SQL and Java code in any database object; display information on all SQL statements executed by the application |
| Dimensions privileges | |
| CREATE DIMENSION | create dimensions in the grantee's schema |
| CREATE ANY DIMENSION | create dimensions in any schema |
| ALTER ANY DIMENSION | alter dimensions in any schema |
| DROP ANY DIMENSION | drop dimensions in any schema |
| Directories privileges | |
| CREATE ANY DIRECTORY | create directory database objecst |
| DROP ANY DIRECTORY | drop directory database objects |
| Indextypes privileges | |
| CREATE INDEXTYPE | create an indextype in the grantee's schema |
| CREATE ANY INDEXTYPE | create an indextype in any schema |
| ALTER ANY INDEXTYPE | modify indextypes in any schema |
| DROP ANY INDEXTYPE | drop an indextype in any schema |
| EXECUTE ANY INDEXTYPE | reference an indextype in any schema |
| Libraries privileges | |
| CREATE LIBRARY | create external procedure/function libraries in grantee's schema |
| CREATE ANY LIBRARY | create external procedure/function libraries in any schema |
| DROP ANY LIBRARY | drop external procedure/function libraries in any schema |
| Materialized views privileges | |
| CREATE MATERIALIZED VIEW | create a materialized view in the grantee's schema |
| CREATE ANY MATERIALIZED VIEW | create materialized views in any schema |
| ALTER ANY MATERIALIZED VIEW | alter materialized views in any schema |
| DROP ANY MATERIALIZED VIEW | drop materialized views in any schema |
| ON COMMIT REFRESH | create a refresh-on-commit materialized view on any table in the database |
| Operators privileges | |
| CREATE OPERATOR | create an operator and its bindings in the grantee's schema |
| CREATE ANY OPERATOR | create an operator and its bindings in any schema |
| DROP ANY OPERATOR | drop an operator in any schema |
| EXECUTE ANY OPERATOR | reference an operator in any schema |
| Outlines privileges | |
| CREATE ANY OUTLINE | create public outlines that can be used in any schema that uses outlines |
| ALTER ANY OUTLINE | modify outlines |
| DROP ANY OUTLINE | drop outlines |
| Triggers privileges | |
| CREATE TRIGGER | create a database trigger in grantee's schema |
| CREATE ANY TRIGGER | create database triggers in any schema |
| ALTER ANY TRIGGER | enable, disable, or compile database triggers in any schema |
| DROP ANY TRIGGER | drop database triggers in any schema |
| ADMINISTER DATABASE TRIGGER | create a trigger on DATABASE. (You must also have the CREATE TRIGGER or CREATE ANY TRIGGER privilege.) |
| Types privileges | |
| CREATE TYPE | create object types and object type bodies in grantee's schema |
| CREATE ANY TYPE | create object types and object type bodies in any schema |
| ALTER ANY TYPE | |
| DROP ANY TYPE | drop object types and object type bodies in any schema |
| EXECUTE ANY TYPE | use and reference object types and collection types in any schema, and invoke methods of an object type in any schema if you make the grant to a specific user. If you grant EXECUTE ANY TYPE to a role, then users holding the enabled role will not be able to invoke methods of an object type in any schema. |
| UNDER ANY TYPE | create subtypes under any nonfinal object types |
| Special privileges | |
| SYSDBA |
|
| SYSOPER |
|
| Other privileges | |
| ANALYZE ANY | analyze any table, cluster, or index in any schema |
| AUDIT ANY | audit any object in any schema using AUDIT schema_objects statements |
| COMMENT ANY TABLE | comment on any table, view, or column in any schema |
| EXEMPT ACCESS POLICY | bypass fine-grained access control Caution: This is a very powerful system privilege, as it lets the grantee bypass application-driven security policies. Database administrators should use caution when granting this privilege. |
| FORCE ANY TRANSACTION |
|
| FORCE TRANSACTION | force the commit or rollback of grantee's in-doubt distributed transactions in the local database |
| GRANT ANY OBJECT PRIVILEGE |
|
| GRANT ANY PRIVILEGE | grant any system privilege |
| RESUMABLE | enable resumable space allocation |
| SELECT ANY DICTIONARY | query any data dictionary object in the SYS schema. This privilege lets you selectively override the default FALSE setting of the O7_DICTIONARY_ACCESSIBILITY initialization parameter. |
| CREATE SPFILE | includes the RESTRICTED SESSION privilege |
| GRANT ANY ROLE | Allows the grantee to grant any role. |