Security Guide : 3. Assigning Privileges and Granting Permissions
 
Share this page                  
Assigning Privileges and Granting Permissions
 
Subject Privileges
Object Permissions
Grant Overhead
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in Groups and Roles.
To set or change subject privileges for a user, you must have the maintain_users privilege.
Important!  Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the Security privilege.
The subject privileges are as follows:
auditor
Allows the user to query the security audit log
change_password
Allows the user to change his password.
createdb
Allows the user to create and destroy databases
maintain_audit
Allows the user to control what information is written to the security audit log
maintain_locations
Allows the user to manage database and file locations
maintain_users
Allows the user to perform various user-related functions, such as creating users and roles
operator
Allows the user to perform database backups and other maintenance operations
security
Allows the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks
trace
Allows the user access to tracing and debugging features
unmask
Allows the user to see masked columns without masking, to use the MASK_COLUMN() function in views, and to use COPY INTO when a table contains columns marked as MASKED