This topic describes the privilege types in Oracle mode of OceanBase Database.
In Oracle mode, privileges are divided into the following two types:
Object privileges: Privileges to perform operations on specific objects, such as ALTER, SELECT, and UPDATE on a table.
System privileges: Privileges to perform specific database operations on a schema or any schema.
Note
System privileges are more extensive than object privileges.
The following table describes the privileges in Oracle mode of OceanBase Database:
| Privilege Type | Privilege | Description |
|---|---|---|
| Object Privileges | ALTER | The privilege to modify the table schema. |
| Object Privileges | INSERT | The privilege to insert data into tables and views. |
| Object Privileges | UPDATE | The privilege to modify data in tables and views. |
| Object Privileges | DELETE | The privilege to delete data from tables and views. |
| Object Privileges | SELECT | The privilege to use tables, views, synonyms, and sequences. |
| Object Privileges | INDEX | The privilege to create indexes on tables. |
| Object Privileges | REFERENCES | The privilege to reference tables. |
| Object Privileges | EXECUTE | The privilege to execute stored procedures, functions, and system packages. |
| Object Privileges | DEBUG | The privilege to debug programs. |
| Object Privileges | READ | The read privilege. |
| Object Privileges | WRITE | The write privilege. |
| System Privileges | CREATE SESSION | The privilege to create sessions. |
| System Privileges | CREATE TABLE | The privilege to create tables. |
| System Privileges | CREATE ANY TABLE | The privilege to create any table. |
| System Privileges | ALTER ANY TABLE | The privilege to modify any table. |
| System Privileges | DELETE ANY TABLE | The privilege to delete data from any table. |
| System Privileges | DROP ANY TABLE | The privilege to drop any table. |
| System Privileges | BACKUP ANY TABLE | The privilege to backup any table. |
| System Privileges | LOCK ANY TABLE | The privilege to lock any table. |
| System Privileges | COMMENT ANY TABLE | The privilege to add comments to any table. |
| System Privileges | INSERT ANY TABLE | The privilege to insert rows into any table. |
| System Privileges | SELECT ANY TABLE | The privilege to use any table. |
| System Privileges | FLASHBACK ANY TABLE | The privilege to flashback any table. |
| System Privileges | UPDATE ANY TABLE | The privilege to modify rows in any table. |
| System Privileges | CREATE ROLE | The privilege to create roles. |
| System Privileges | DROP ANY ROLE | The privilege to drop any role. |
| System Privileges | GRANT ANY ROLE | The privilege to grant any role. |
| System Privileges | ALTER ANY ROLE | The privilege to modify any role. |
| System Privileges | AUDIT ANY | The privilege to set audit options for any object. |
| System Privileges | GRANT ANY PRIVILEGE | The privilege to grant any system privilege to a user. |
| System Privileges | GRANT ANY OBJECT PRIVILEGE | The privilege to grant any object privilege to a user. |
| System Privileges | CREATE ANY INDEX | The privilege to create any index. |
| System Privileges | ALTER ANY INDEX | The privilege to modify any index. |
| System Privileges | DROP ANY INDEX | The privilege to drop any index. |
| System Privileges | CREATE VIEW | The privilege to create views. |
| System Privileges | CREATE ANY VIEW | The privilege to create any view. |
| System Privileges | DROP ANY VIEW | The privilege to drop any view. |
| System Privileges | SELECT ANY DICTIONARY | The privilege to use any data dictionary. |
| System Privileges | CREATE PROCEDURE | The privilege to create stored procedures for a user. |
| System Privileges | CREATE ANY PROCEDURE | The privilege to create any stored procedure for a user. |
| System Privileges | ALTER ANY PROCEDURE | The privilege to modify any stored procedure. |
| System Privileges | DROP ANY PROCEDURE | The privilege to drop any stored procedure. |
| System Privileges | EXECUTE ANY PROCEDURE | The privilege to execute any stored procedure. |
| System Privileges | CREATE SYNONYM | The privilege to create synonyms for a user. |
| System Privileges | CREATE ANY SYNONYM | The privilege to create any synonym for a user. |
| System Privileges | CREATE PUBLIC SYNONYM | The privilege to create public synonyms. |
| System Privileges | DROP ANY SYNONYM | The privilege to drop any synonym. |
| System Privileges | DROP PUBLIC SYNONYM | The privilege to drop public synonyms. |
| System Privileges | CREATE SEQUENCE | The privilege to create sequences for a user. |
| System Privileges | CREATE ANY SEQUENCE | The privilege to create any sequence. |
| System Privileges | ALTER ANY SEQUENCE | The privilege to modify any sequence. |
| System Privileges | DROP ANY SEQUENCE | The privilege to drop any sequence. |
| System Privileges | SELECT ANY SEQUENCE | The privilege to use any sequence. |
| System Privileges | CREATE TRIGGER | The privilege to create triggers for a user. |
| System Privileges | CREATE ANY TRIGGER | The privilege to create any trigger for a user. |
| System Privileges | ALTER ANY TRIGGER | The privilege to modify any trigger. |
| System Privileges | DROP ANY TRIGGER | The privilege to drop any trigger. |
| Privilege | CREATE PROFILE | The privilege to create a resource limit profile. |
| Privilege | ALTER PROFILE | The privilege to modify a resource limit profile. |
| Privilege | DROP PROFILE | The privilege to drop a resource limit profile. |
| Privilege | CREATE USER | The privilege to create a user. |
| Privilege | ALTER USER | The privilege to modify a user. |
| Privilege | DROP USER | The privilege to drop a user. |
| Privilege | BECOME USER | The privilege to switch user status. |
| Privilege | CREATE TYPE | The privilege to create a type. |
| Privilege | CREATE ANY TYPE | The privilege to create any type. |
| Privilege | ALTER ANY TYPE | The privilege to modify any type. |
| Privilege | DROP ANY TYPE | The privilege to drop any type. |
| Privilege | EXECUTE ANY TYPE | The privilege to execute any type. |
| Privilege | PURGE DBA_RECYCLEBIN | The privilege to clear the recycle bin. |
| Privilege | CREATE ANY OUTLINE | The privilege to create any execution plan. |
| Privilege | ALTER ANY OUTLINE | The privilege to modify any execution plan. |
| Privilege | DROP ANY OUTLINE | The privilege to drop any execution plan. |
| Privilege | CREATE TABLESPACE | The privilege to create a tablespace. |
| Privilege | ALTER TABLESPACE | The privilege to modify a tablespace. |
| Privilege | DROP TABLESPACE | The privilege to drop a tablespace. |
| Privilege | SHOW PROCESS | The privilege to view all user threads. |
| Privilege | ALTER SYSTEM | The privilege to modify server settings. |
| Privilege | CREATE DATABASE LINK | The privilege to create a database link. |
| Privilege | CREATE PUBLIC DATABASE LINK | The privilege to create a public database link. |
| Privilege | DROP DATABASE LINK | The privilege to drop a database link. |
| Privilege | ALTER SESSION | The privilege to modify a session. |
| Privilege | ALTER DATABASE | The privilege to modify a database. |
| Privilege | CREATE ANY DIRECTORY | The privilege to create any directory. |
| Privilege | DROP ANY DIRECTORY | The privilege to drop any directory. |
| Privilege | DEBUG CONNECT SESSION | The privilege to debug a connected session. |
| Privilege | DEBUG ANY PROCEDURE | The privilege to debug any procedure. |
| Privilege | CREATE ANY CONTEXT | The privilege to create any context. |
| Privilege | DROP ANY CONTEXT | The privilege to drop any context. |
| Privilege | CREATE LOCATION
NoteFor OceanBase Database V4.4.x, the |
The privilege to execute the CREATE LOCATION, ALTER LOCATION, and DROP LOCATION statements. |
| Privilege | CREATE SENSITIVE RULE | The privilege to execute the CREATE/DROP SENSITIVE RULE statement. The SYS user has this privilege by default, and it cannot be revoked. You will also automatically obtain this privilege when you create a new cluster or upgrade the database. |
| Privilege | PLAINACCESS | The privilege to access all plaintext data, including sensitive data, without being restricted by sensitive rules. This privilege is not included in GRANT/REVOKE ALL PRIVILEGES. The SYS user has this privilege by default, and it cannot be revoked. You will also automatically obtain this privilege when you create a new cluster or upgrade the database. |
| Object privilege | PLAINACCESS | The privilege to access plaintext data on the columns associated with a rule. The user who creates the rule does not automatically have the PLAINACCESS privilege for this rule. You must grant this privilege separately. |
References
For more information about the management of privileges in OceanBase Database, see: