Assigning Privileges and Granting Permissions
Subject Privileges
A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).
Subject privileges are typically assigned when a user object is created or modified. Subject privileges can also be assigned to roles, as discussed in Groups and Roles on page 25.
To set or change subject privileges for a user, you must have the maintain_users privilege.
IMPORTANT! Subject privileges allow many trusted operations to be performed. Therefore, assign privileges with care, especially the security privilege.
The subject privileges are as follows:
auditor
Allows the user to query the security audit log.
change_password
Allows the user to change their own password.
createdb
Allows the user to create and destroy databases.
ima_sec_read
Allows the user to access all IMA tables.
maintain_audit
Allows the user to control what information is written to the security audit log.
maintain_locations
Allows the user to manage database and file locations.
maintain_users
Allows the user to perform various user-related functions, such as creating users and roles.
operator
Allows the user to perform database backups and other maintenance operations.
protected_user
Allows the user to be protected from impersonation and alteration by other users.
security
Allows the user to perform security-related operations, including impersonating other users, and to avoid certain security checks, such as database privilege checks.
trace
Allows the user access to tracing and debugging features.
unmask
Allows the user to see masked columns without masking, to use the MASK_COLUMN() function in views, and to use COPY INTO when a table contains columns marked as MASKED.
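The following is an added example, not part of the product documentation: a small least-privilege review that checks a user-to-privilege inventory against the privilege names listed above. The risk tiers, the separation-of-duties pair, the protected_user check and the sample users are assumptions made for illustration.

```python
# Added example: review subject-privilege assignments for risky grants.
# Privilege names are the ones listed on this page; the policy and the
# sample inventory below are assumptions, not product behaviour.
KNOWN = frozenset({
    "auditor", "change_password", "createdb", "ima_sec_read",
    "maintain_audit", "maintain_locations", "maintain_users", "operator",
    "protected_user", "security", "trace", "unmask",
})

# Assumed high-risk tier, with the reason taken from each description above.
HIGH_RISK = {
    "security": "can impersonate users and avoid database privilege checks",
    "maintain_users": "can create users and roles",
    "unmask": "sees masked columns without masking",
}
# Assumed separation-of-duties rule for the audit log.
CONFLICTS = [({"auditor", "maintain_audit"}, "reads and controls the audit log")]

def review(assignments):
    """Return sorted (user, finding) pairs for a {user: [privileges]} map."""
    findings = []
    for user, privs in assignments.items():
        held = {p.strip().lower() for p in privs}
        risky = sorted(held.intersection(HIGH_RISK))
        # A misspelled name usually means the intended grant never happened.
        for p in sorted(held - KNOWN):
            findings.append((user, f"unknown privilege '{p}'"))
        for p in risky:
            findings.append((user, f"holds {p}: {HIGH_RISK[p]}"))
        for pair, why in CONFLICTS:
            if pair <= held:
                findings.append((user, f"conflict {'+'.join(sorted(pair))}: {why}"))
        # Assumed rule: powerful accounts should also be protected_user.
        if risky and "protected_user" not in held:
            findings.append((user, "high-risk account lacks protected_user"))
    return sorted(findings)

SAMPLE = {  # constructed inventory, not real accounts
    "dba_admin": ["security", "maintain_users", "protected_user"],
    "etl_batch": ["createdb", "operator"],
    "audit_ops": ["auditor", "maintain_audit"],
    "report_ro": ["unmask", "Secuirty"],
}

if __name__ == "__main__":
    for user, finding in review(SAMPLE):
        print(f"{user}: {finding}")
```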
Last modified date: 03/21/2024