5. Assigning Privileges and Granting Permissions
Share this page                  
Assigning Privileges and Granting Permissions
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in Groups and Roles.
To set or change subject privileges for a user, you must have the maintain_users privilege.
Important!  Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the Security privilege.
The subject privileges are as follows:
Enables the user to query the security audit log
Enables the user to change his password.
Enables the user to create and destroy databases
Enables the user to control what information is written to the security audit log
Enables the user to manage database and file locations
Enables the user to perform various user-related functions, such as creating users and roles
Enables the user to perform database backups and other maintenance operations
Enables the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks
Enables the user access to tracing and debugging features