This topic describes the privilege types in Oracle-compatible mode of OceanBase Database.
In Oracle-compatible mode, privileges are divided into two types:
Object privileges: Privileges to operate on specific objects, such as ALTER, SELECT, and UPDATE on a table.
System privileges: Privileges that allow a user to perform specific database operations on a schema or any schema.
Note
System privileges provide more extensive permissions than object privileges.
The following table describes the privileges in OceanBase Database's Oracle-compatible mode:
| Privilege type | Privilege | Description |
|---|---|---|
| Object privileges | ALTER | The privilege to modify the table structure. |
| Object privileges | INSERT | The privilege to insert data into tables and views. |
| Object privileges | UPDATE | The privilege to modify data in tables and views. |
| Object privileges | DELETE | The privilege to delete data in tables and views. |
| Object privileges | SELECT | The privilege to use tables, views, synonyms, and sequences. |
| Object privileges | INDEX | The privilege to create indexes on tables. |
| Object privileges | REFERENCES | The privilege to reference tables. |
| Object privileges | EXECUTE | The privilege to execute stored procedures, functions, and system packages. |
| Object privileges | DEBUG | The privilege to debug programs. |
| Object privileges | READ | The read privilege. |
| Object privileges | WRITE | The write privilege. |
| System privileges | CREATE SESSION | The privilege to create sessions. |
| System privileges | CREATE TABLE | The privilege to create tables. |
| System privileges | CREATE ANY TABLE | The privilege to create any table. |
| System privileges | ALTER ANY TABLE | The privilege to modify any table. |
| System privileges | DELETE ANY TABLE | The privilege to delete data from any table. |
| System privileges | DROP ANY TABLE | The privilege to drop any table. |
| System privileges | BACKUP ANY TABLE | The privilege to backup any table. |
| System privileges | LOCK ANY TABLE | The privilege to lock any table. |
| System privileges | COMMENT ANY TABLE | The privilege to add comments to any table. |
| System privileges | INSERT ANY TABLE | The privilege to insert rows into any table. |
| System privileges | SELECT ANY TABLE | The privilege to use any table. |
| System privileges | FLASHBACK ANY TABLE | The privilege to flashback any table. |
| System privileges | UPDATE ANY TABLE | The privilege to modify rows in any table. |
| System privileges | CREATE ROLE | The privilege to create roles. |
| System privileges | DROP ANY ROLE | The privilege to drop any role. |
| System privileges | GRANT ANY ROLE | The privilege to grant any role. |
| System privileges | ALTER ANY ROLE | The privilege to modify any role. |
| System privileges | AUDIT ANY | The privilege to set audit options for any object. |
| System privileges | GRANT ANY PRIVILEGE | The privilege to grant any system privilege to users. |
| System privileges | GRANT ANY OBJECT PRIVILEGE | The privilege to grant any object privilege to users. |
| System privileges | CREATE ANY INDEX | The privilege to create any index. |
| System privileges | ALTER ANY INDEX | The privilege to modify any index. |
| System privileges | DROP ANY INDEX | The privilege to drop any index. |
| System privileges | CREATE VIEW | The privilege to create views. |
| System privileges | CREATE ANY VIEW | The privilege to create any view. |
| System privileges | DROP ANY VIEW | The privilege to drop any view. |
| System privileges | SELECT ANY DICTIONARY | The privilege to use any data dictionary. |
| System privileges | CREATE PROCEDURE | The privilege to create stored procedures for users. |
| System privileges | CREATE ANY PROCEDURE | The privilege to create any stored procedure for users. |
| System privileges | ALTER ANY PROCEDURE | The privilege to modify any stored procedure. |
| System privileges | DROP ANY PROCEDURE | The privilege to drop any stored procedure. |
| System privileges | EXECUTE ANY PROCEDURE | The privilege to execute any stored procedure. |
| System privileges | CREATE SYNONYM | The privilege to create synonyms for users. |
| System privileges | CREATE ANY SYNONYM | The privilege to create any synonym for users. |
| System privileges | CREATE PUBLIC SYNONYM | The privilege to create public synonyms. |
| System privileges | DROP ANY SYNONYM | The privilege to drop any synonym. |
| System privileges | DROP PUBLIC SYNONYM | The privilege to drop public synonyms. |
| System privileges | CREATE SEQUENCE | The privilege to create sequences for users. |
| System privileges | CREATE ANY SEQUENCE | The privilege to create any sequence. |
| System privileges | ALTER ANY SEQUENCE | The privilege to modify any sequence. |
| System privileges | DROP ANY SEQUENCE | The privilege to drop any sequence. |
| System privileges | SELECT ANY SEQUENCE | The privilege to use any sequence. |
| System privileges | CREATE TRIGGER | The privilege to create triggers for users. |
| System privileges | CREATE ANY TRIGGER | The privilege to create any trigger for users. |
| System privileges | ALTER ANY TRIGGER | The privilege to modify any trigger. |
| System privileges | DROP ANY TRIGGER | The privilege to drop any trigger. |
| System privileges | CREATE PROFILE | The privilege to create a resource limit profile. |
| System privileges | ALTER PROFILE | The privilege to modify a resource limit profile. |
| System privileges | DROP PROFILE | The privilege to drop a resource limit profile. |
| System privileges | CREATE USER | The privilege to create a user. |
| System privileges | ALTER USER | The privilege to modify a user. |
| System privileges | DROP USER | The privilege to drop a user. |
| System privileges | BECOME USER | The privilege to switch user states. |
| System privileges | CREATE TYPE | The privilege to create a type. |
| System privileges | CREATE ANY TYPE | The privilege to create any type. |
| System privileges | ALTER ANY TYPE | The privilege to modify any type. |
| System privileges | DROP ANY TYPE | The privilege to drop any type. |
| System privileges | EXECUTE ANY TYPE | The privilege to execute any type. |
| System privileges | PURGE DBA_RECYCLEBIN | The privilege to clear the recycle bin. |
| System privileges | CREATE ANY OUTLINE | The privilege to create any execution plan. |
| System privileges | ALTER ANY OUTLINE | The privilege to modify any execution plan. |
| System privileges | DROP ANY OUTLINE | The privilege to drop any execution plan. |
| System privileges | CREATE TABLESPACE | The privilege to create a tablespace. |
| System privileges | ALTER TABLESPACE | The privilege to modify a tablespace. |
| System privileges | DROP TABLESPACE | The privilege to drop a tablespace. |
| System privileges | SHOW PROCESS | The privilege to view all user threads. |
| System privileges | ALTER SYSTEM | The privilege to modify server settings. |
| System privileges | CREATE DATABASE LINK | The privilege to create a database link. |
| System privileges | CREATE PUBLIC DATABASE LINK | The privilege to create a public database link. |
| System privileges | DROP DATABASE LINK | The privilege to drop a database link. |
| System privileges | ALTER SESSION | The privilege to modify a session. |
| System privileges | ALTER DATABASE | The privilege to modify a database. |
| System privileges | CREATE ANY DIRECTORY | The privilege to create any directory. |
| System privileges | DROP ANY DIRECTORY | The privilege to drop any directory. |
| System privileges | DEBUG CONNECT SESSION | The privilege to debug a connected session. |
| System privileges | DEBUG ANY PROCEDURE | The privilege to debug any procedure. |
| System privileges | CREATE ANY CONTEXT | The privilege to create any context. |
| System privileges | DROP ANY CONTEXT | The privilege to drop any context. |
| System privileges | CREATE LOCATION
NoteFor OceanBase Database V4.4.x, the |
The privilege to determine whether a user can execute the CREATE LOCATION, ALTER LOCATION, and DROP LOCATION statements. |
| System privileges | CREATE SENSITIVE RULE | The privilege to determine whether a user can execute the CREATE/DROP SENSITIVE RULE statements. The SYS user has this privilege by default, and it cannot be revoked. This privilege is also automatically granted when a new cluster is created or after an upgrade. |
| System privileges | PLAINACCESS | The privilege to determine whether a user can access all plaintext data, including sensitive data, without being restricted by sensitive rules. This privilege is not included in GRANT/REVOKE ALL PRIVILEGES. The SYS user has this privilege by default, and it cannot be revoked. This privilege is also automatically granted when a new cluster is created or after an upgrade. |
| Rule privileges | PLAINACCESS | The privilege to determine whether a user can access plaintext data on the columns associated with a specific rule. The user who creates a rule does not automatically have the PLAINACCESS privilege for that rule and must be granted it separately. |
References
For more information about the operations related to OceanBase Database privilege management, see: