Assigning Privileges and Granting Permissions
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in
Groups and Roles.
To set or change subject privileges for a user, you must have the maintain_users privilege.
Important! Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the Security privilege.
The subject privileges are as follows:
auditor
Enables the user to query the security audit log
change_password
Enables the user to change his password.
createdb
Enables the user to create and destroy databases
maintain_audit
Enables the user to control what information is written to the security audit log
maintain_locations
Enables the user to manage database and file locations
maintain_users
Enables the user to perform various user-related functions, such as creating users and roles
operator
Enables the user to perform database backups and other maintenance operations
security
Enables the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks
trace
Enables the user access to tracing and debugging features