The following are the general types of privileges in the Oracle database:

System Privileges: These allow the grantee to perform standard administrator tasks in the database. Restrict them to trusted users.

Roles: As previously described, a role groups privileges and roles so that they can more easily be granted to and revoked from users.

Table Privileges: These privileges enable security on DML or DDL.

View Privileges: As with tables, you can apply DML object privileges to views.

Procedure Privileges: You can grant the EXECUTE privilege to procedures in packages and standalone procedures and functions.

Type Privileges: You can grant system privileges to named object types, VARRAYs, and nested tables.

Privileges in the Oracle Multitenant Environment
In the multitenant environment, a user can exercise privileges only in the current container;
that is, actions that require privileges have local scope. The exception is for common users
who have been granted common privileges to execute operations such as CREATE USER,
CREATE ROLE, ALTER USER, and ALTER PLUGGABLE DATABASE.

If a common user has been granted privileges to the CDB views and V$ views and the
CONTAINER_DATA attribute has been set for the target PDBs, then the user will be able to see
information about PDBs when connected to the CDB$ROOT, as noted in previous examples.
Otherwise, the common user cannot query tables or views in a PDB unless using a DB_LINK
to which adequate privileges have been granted.

If a common user has the SET CONTAINER privilege, then they can set their current
container to a different PDB and exercise privileges in that PDB.

SQL> SHOW USER
USER is "C##MY_DBA"
SQL> SHOW CON_NAME
CON_NAME
------------------------------
CDB$ROOT
SQL> SELECT * FROM hr.countries;
SELECT * FROM hr.countries
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> ALTER SESSION SET CONTAINER=lne6;
Session altered.
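
Because SET CONTAINER and CONTAINER_DATA together decide how far a common user can reach across PDBs, it is worth reviewing who holds them. The following audit queries are an added example, not part of the original text; they assume Oracle Database 12c or later, a session in CDB$ROOT with access to the CDB_USERS, CDB_SYS_PRIVS and CDB_CONTAINER_DATA dictionary views, and they report direct grants only (privileges received through roles are not expanded).

```sql
-- Added example: run from CDB$ROOT as a privileged common user.

-- 1. Common, non-Oracle-maintained users with a direct SET CONTAINER grant.
--    COMMON = 'YES' on the grant means it was made with CONTAINER=ALL,
--    so the user can switch into every PDB, not just one.
SELECT p.grantee,
       p.privilege,
       p.common       AS granted_commonly,
       p.admin_option,
       p.con_id
FROM   cdb_sys_privs p
       JOIN cdb_users u
         ON  u.username = p.grantee
         AND u.con_id   = p.con_id
WHERE  p.privilege         = 'SET CONTAINER'
AND    u.common            = 'YES'
AND    u.oracle_maintained = 'N'
ORDER  BY p.grantee, p.con_id;

-- 2. CONTAINER_DATA attributes for the same class of users.
--    ALL_CONTAINERS = 'Y' means the user sees rows for every PDB in
--    CDB_* and V$ views while connected to the root; otherwise
--    CONTAINER_NAME lists each PDB that was explicitly exposed.
SELECT d.username,
       d.default_attr,
       d.owner,
       d.object_name,
       d.all_containers,
       d.container_name
FROM   cdb_container_data d
WHERE  d.username IN (SELECT u.username
                      FROM   cdb_users u
                      WHERE  u.common            = 'YES'
                      AND    u.oracle_maintained = 'N')
ORDER  BY d.username, d.container_name;
```

A user that appears in both result sets with a common grant and ALL_CONTAINERS = 'Y' has the widest cross-container reach and is the first candidate for a least-privilege review.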