Actions, Privileges, and Roles
Certain actions you might want to take in an Oracle database require that you have specific system privileges or initial roles. Table 15.1 summarizes the system privileges you need to perform some basic actions using the Oracle database.
|
If You Need to Perform This Type of Action... |
You Need This System Privilege |
|
Connect to the database |
CREATE SESSION |
|
Create an object in your schema |
The corresponding CREATE ... system privilege |
|
Create an object in someone else’s schema |
The corresponding CREATE ANY... system privilege |
|
Drop an object in your schema |
The corresponding DROP... system privilege |
|
Drop an object in someone else’s schema |
The corresponding DROP ANY... system privilege |
|
Manipulate the database |
ALTER DATABASE |
|
Manipulate the instance |
ALTER SYSTEM |
|
Manipulate a tablespace |
ALTER/CREATE/DROP/MANAGE TABLESPACE |
|
Change a user’s password |
ALTER USER |
|
Change a user’s default roles |
ALTER USER |
|
Exceed quotas in any tablespace |
UNLIMITED TABLESPACE |
|
Connect to an instance started in RESTRICTED mode |
RESTRICTED SESSION |
Table 15.2 summarizes the roles you need to perform the actions you are likely to perform with the Oracle database.
|
If You Need to Perform This Type of Action... |
You Need This Role |
|
Carry out DBA functions |
DBA |
|
Create objects in your own schema |
CONNECT or RESOURCE |
|
Export the entire database |
EXP_FULL_DATABASE |
|
Import from a full export |
IMP_FULL_DATABASE |
|
Manipulate data dictionary objects directly |
SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, DELETE_CATALOG_ROLE |
|
Manage Advanced Queuing facility |
AQ_ADMINISTRATOR_ROLE |
|
Send or receive queued messages |
AQ_USER_ROLE |
|
Use the SQL*Plus AUTOTRACE facility |
PLUSTRACE |
|
Manage backups with RMAN |
RECOVERY_CATALOG_OWNER |
|
Run TKPROF |
TKPROFER |
|
Manage external data gateways |