An authorization identifier is an entity to which access to database objects can be granted. The four authorization identifiers are: Role, User, Group, or PUBLIC.

Data "at rest" is data on physical media recorded in a persistent form.

A database procedure is a set of SQL statements and control statements in a begin/end block that are stored as a unit in the database.

A default group is the group assigned to a user when a user object is created or modified.

A default profile is the profile initially assigned to a user if one is not explicitly assigned.

A grant is an object permission assigned to a group, role, or user.

A group is an identifier that can be used to apply permissions to a list of users associated with the identifier.

An object permission defines a capability related to a specific object, such as a database or a table. Object permissions are assigned to selected groups, roles, or users. Object permissions are also called grants, permits, or object privileges.

A privileged user is any user with the necessary privileges to perform security-related operations. The system administrator, database administrator, or security administrator are privileged users.

A profile is a template that defines a set of subject privileges and other attributes that can be applied to one or more users. The user authorization process can be streamlined by using profiles.

A role is an identifier that can be used to associate permissions with applications.

A security alarm is an entity that can be created to monitor a security-related event, such as connecting to a database or updating a table.

Security auditing is the recording of all or specified classes of security events for the entire installation.

A subject privilege defines the type of operations permissible in a user session. Subject privileges are assigned to a user (subject).

A user object is a definition that specifies the user’s name, default group, default profile, subject privileges, and several other attributes.