This section contains a brief summary of all of Oracle’s system privileges, listed in alphabetical order. Some system privileges are new in Oracle8; this is noted in the list. A complete list of new Oracle8 system privileges can also be found later in this chapter.
Allows you to execute the ALTER CLUSTER command for all clusters in the database.
Allows you to execute the ALTER INDEX command for all indexes in the database.
Allows you to execute the CREATE OR REPLACE LIBRARY command to alter an existing external library in another schema.
Allows you to execute the ALTER FUNCTION, ALTER PACKAGE, and ALTER PROCEDURE commands to recompile any function, package, or procedure in the database. Also allows you to execute the CREATE OR REPLACE FUNCTION, CREATE OR REPLACE PACKAGE, and CREATE OR REPLACE PROCEDURE commands on any existing function, package, or procedure in the database.
Allows you to execute the ALTER ROLE command to add, change, or remove a password on the role.
Allows you to execute the ALTER SEQUENCE command on any sequence in the database.
Allows you to execute the ALTER SNAPSHOT command on any snapshot in the database.
Allows you to execute the ALTER TABLE command on any table in the database. You must have the ALTER ANY TRIGGER privilege to execute the ALTER TABLE ... ENABLE/DISABLE ALL TRIGGERS command on tables outside your schema.
Allows you to execute the ALTER TRIGGER command for all triggers in the database. With the ALTER ANY TRIGGER privilege, you can execute an ALTER TRIGGER ... ENABLE/DISABLE command, but you must also have the ALTER ANY TABLE privilege to execute the ALTER TABLE ... ENABLE/DISABLE ALL TRIGGERS command on tables outside your schema.
Allows you to execute the ALTER TYPE command on any user-defined type in any schema.
Allows you to execute the ALTER DATABASE command.
Allows you to execute the ALTER PROFILE command.
Allows you to execute the ALTER RESOURCE COST command.
Allows you to execute the ALTER ROLLBACK SEGMENT command.
Allows you to execute the ALTER SESSION SET SQL_TRACE command.
Allows you to execute the ALTER SYSTEM command.
Allows you to execute the ALTER TABLESPACE command.
Allows you to execute the ALTER USER command. You do not need the ALTER USER privilege to execute the ALTER USER userid IDENTIFIED BY password command to change your own password.
Allows you to execute the ANALYZE command on all tables, clusters, and indexes in the database.
Allows you to execute the AUDIT command on any database object in any schema.
Allows you to execute the AUDIT command to audit SQL statements.
Necessary to perform a full export.
Necessary to import from a full export. There is no SQL statement that directly uses this privilege. However, there is an internal API (Application Programming Interface) that is used by the Import utility and checks for this privilege.
Allows you to execute the COMMENT statement for all tables in the database.
Allows you to execute the CREATE CLUSTER statement and specify any schema as owner.
Allows you to execute the CREATE DIRECTORY statement. Since all BFILE directories are owned by SYS, there is no CREATE DIRECTORY privilege.
Allows you to execute the CREATE INDEX statement and specify any schema as owner.
Allows you to define a library for external functions in any schema.
Allows you to execute the CREATE FUNCTION, CREATE PROCEDURE, and CREATE PACKAGE statements and specify any schema as owner.
Allows you to execute the CREATE SEQUENCE statement and specify any schema as owner.
Allows you to execute the CREATE SNAPSHOT statement and specify any schema as owner.
Allows you to execute the CREATE SYNONYM statement and specify any schema as owner.
Allows you to execute the CREATE TABLE statement and specify any schema as owner. You still must have a quota specified in the TABLESPACE clause.
Allows you to execute the CREATE TRIGGER statement on any table in the database.
Allows you to create a user-defined type in any schema.
Allows you to execute the CREATE VIEW statement and specify any schema as owner.
Allows you to create a cluster in your own schema.
Allows you to create a private database link.
Allows you to execute the CREATE LIBRARY command to define a library in your schema for external procedures.
Allows you to create a function, package, or procedure in your own schema.
Allows you to execute the CREATE PROFILE command.
Allows you to execute the CREATE PUBLIC DATABASE LINK command. This is the one case in which there isn’t a corresponding CREATE ANY version of the privilege. There is no CREATE ANY DATABASE LINK.
Allows you to execute the CREATE PUBLIC DATABASE LINK command.
Allows you to execute the CREATE ROLE command.
Allows you to execute the CREATE ROLLBACK command.
Allows you to create a sequence in your own schema.
Allows you to connect to the database.
Allows you to create a snapshot in your own schema.
Allows you to create a private synonym.
Allows you to create a table in your own schema. You still must have a quota specified for the tablespace listed in the TABLESPACE clause.
Allows you to execute the CREATE TABLESPACE command.
Allows you to create a trigger on a table in your schema.
Allows you to create a user-defined type in your schema.
Allows you to execute the CREATE USER command.
Allows you to execute the CREATE VIEW command within your schema.
Allows you to execute the DELETE statement against any table in the database.
Allows you to execute the DROP CLUSTER command for all clusters in the database.
Allows you to execute the DROP DIRECTORY command. Since all BFILE directories are owned by SYS, there is no DROP DIRECTORY privilege.
Allows you to execute the DROP INDEX command for all indexes in the database.
Allows you to execute the DROP LIBRARY command for any library in the database.
Allows you to execute the DROP FUNCTION, DROP PACKAGE, and DROP PROCEDURE commands for all functions, packages, and procedures in the database.
Allows you to execute the DROP ROLE command.
Allows you to execute the DROP SEQUENCE command for any sequence in any schema.
Allows you to execute the DROP SNAPSHOT command for any snapshot in the database.
Allows you to execute the DROP SYNONYM command for any synonym in the database.
Allows you to execute the DROP TABLE command for any table in the database. You need the DROP ANY TABLE privilege to truncate a table that is not in your schema.
Allows you to execute the DROP TRIGGER command for all triggers in the database.
Allows you to drop any user-defined type in any schema.
Allows you to execute the DROP VIEW command for all views in the database.
Allows you to execute the DROP PROFILE command.
Allows you to execute the DROP PUBLIC DATABASE LINK command. As with the CREATE PUBLIC DATABASE LINK system privilege, there is no corresponding DROP ANY DATABASE LINK system privilege.
Allows you to execute the DROP PUBLIC SYNONYM command.
Allows you to execute the DROP ROLLBACK SEGMENT command for any tablespace in the database.
Allows you to execute the DROP TABLESPACE command for any tablespace in the database.
Allows you to execute the DROP USER command for any user in the database.
Allows you to execute an external function defined in any library in any schema.
Allows you to execute any function, procedure, or package in the database.
Allows you to reference and execute any type or method in any schema.
Allows you to execute the COMMIT FORCE command for any in-doubt transaction in the database.
Allows you to execute the COMMIT FORCE command for any in-doubt transaction you have created.
Allows you to execute the GRANT system privilege command for any role that has not been granted to you WITH ADMIN OPTION.
Allows you to execute the GRANT role command for any role that has not been granted to you WITH ADMIN OPTION. Also allows you to execute the REVOKE role command for any role that has not been granted to you WITH ADMIN OPTION. You may need to have the ALTER USER privilege to specify whether or not the role is a default role.
Allows you to execute the INSERT statement for any table in the database. In order to insert directly into data dictionary tables, you must have the INSERT_CATALOG_ROLE role.
Allows you to execute the LOCK TABLE command for all tables in the database.
Allows you to execute the ALTER TABLESPACE command to take tablespaces offline, to take tablespaces online, or to begin or end backups.
Allows you to execute the SELECT statement to retrieve the next sequence value for any sequence in the database, except those owned by SYS.
Allows you to execute the SELECT statement to query any table in the database. In order to select directly from tables in the data dictionary, you must have the SELECT_CATALOG_ROLE role.
Allows you to have unlimited quotas in every tablespace in the database. This system privilege is automatically granted when the RESOURCE role is granted.The UNLIMITED TABLESPACE system privilege is the only system privilege that cannot be granted to a role.
Allows you to execute the UPDATE statement for all tables and views in the database. In order to update tables in the data dictionary directly, you must have the UPDATE_CATALOG_ROLE role.