Assigning Privileges and Granting Permissions
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in
Groups and Roles.
To set or change subject privileges for a user, you must have the maintain_users privilege.
IMPORTANT! Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the Security privilege.
The subject privileges are as follows:
auditor
Enables the user to query the security audit log.
change_password
Enables the user to change his password.
createdb
Enables the user to create and destroy databases.
ima_sec_read
Allows the user to access all IMA tables.
maintain_audit
Enables the user to control what information is written to the security audit log.
maintain_locations
Enables the user to manage database and file locations.
maintain_users
Enables the user to perform various user-related functions, such as creating users and roles.
operator
Enables the user to perform database backups and other maintenance operations.
protected_user
Allows the user to be protected from impersonation and alteration from other users.
security
Enables the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks.
trace
Enables the user access to tracing and debugging features.
Last modified date: 08/29/2024