Assigning Privileges and Granting Permissions
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in
Groups and Roles (see page
Groups and Roles).
To set or change subject privileges for a user, you must have the maintain_users privilege.
Important! Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the Security privilege.
The subject privileges are as follows:
auditor
Enables the user to query the security audit log
createdb
Enables the user to create and destroy databases
maintain_audit
Enables the user to control what information is written to the security audit log
maintain_locations
Enables the user to manage database and file locations
maintain_users
Enables the user to perform various user-related functions, such as creating users and roles
operator
Enables the user to perform database backups and other maintenance operations
security
Enables the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks
trace
Enables the user access to tracing and debugging features