Table 13.4. The “any” privileges.
|
| Privilege
| Description
|
|
| ANALYZE ANY
| Allows the user to collect optimizer statistics, validate the structure, or identify migrated and chained rows in any table or cluster in the database.
|
| AUDIT ANY
| Allows the user to perform object auditing on any object in the database.
|
| CREATE ANY CLUSTER
| Allows the user to create a cluster and assign ownership to any user in the database.
|
| ALTER ANY CLUSTER
| Allows the user to alter clusters owned by any user in the database.
|
| DROP ANY CLUSTER
| Allows the user to drop clusters owned by any user in the database.
|
| CREATE ANY INDEX
| Allows the user to create an index on any table in the database and assign ownership to any user in the database.
|
| ALTER ANY INDEX
| Allows the user to alter any index owned by any user in the database.
|
| DROP ANY INDEX
| Allows the user to drop any index owned by any user in the database.
|
| GRANT ANY PRIVILEGE
| Allows the user to grant any system privilege to any user in the database. This is the prime requirement for DBAs being able to grant system privileges. Note, this does not allow the users to grant object privileges. Only the object owners can grant object privileges.
|
| CREATE ANY PROCEDURE
| Allows a user to create a procedure, package, or function and assign ownership to any user in the database. Has the prerequisites of ALTER ANY TABLE, BACKUP ANY TABLE, DROP ANY TABLE, LOCK ANY TABLE, COMMENT ANY TABLE, SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, DELETE ANY TABLE or GRANT ANY TABLE, depending on what the function actually does. Note that CREATE ANY PROCEDURE is good enough to create a procedure that accesses database objects (for example, tables) that are open for public access. The prerequisites come into play when you try to access (select or update) a database object and you do not have an explicit access grant for your user ID.
|
| ALTER ANY PROCEDURE
| Allows the user to modify any procedure, package, or function owned by any user in the database.
|
| DROP ANY PROCEDURE
| Allows the user to drop any procedure, package, or function owned by any user in the database.
|
| EXECUTE ANY PROCEDURE
| Allows the user to execute any procedure, package, or function owned by any user in the database. This overrides the object privileges assigned to the procedure, package, or function by the owner.
|
| ALTER ANY ROLE
| Allows the user to modify any role created in the database.
|
| DROP ANY ROLE
| Allows the user to drop any role in the database.
|
| GRANT ANY ROLE
| Allows the user to assign a role to another user in the database.
|
| CREATE ANY SEQUENCE
| Allows the user to create a sequence and assign ownership to any user in the database.
|
| ALTER ANY SEQUENCE
| Allows the user to modify any sequence owned by any user in the database.
|
| DROP ANY SEQUENCE
| Allows the user to drop any sequence owned by any user in the database.
|
| SELECT ANY SEQUENCE
| Allows the user to select values from any sequence owned by any user in the database.
|
| CREATE ANY SNAPSHOT
| Allows the user to create a local copy of a table in another instance and assign ownership to any user in the database. The user must have CREATE ANY TABLE privileges.
|
| ALTER ANY SNAPSHOT
| Allows the user to compile any snapshot owned by any user in the database.
|
| DROP ANY SNAPSHOT
| Allows the user to drop any snapshot owned by any user in the database.
|
| CREATE ANY SYNONYM
| Allows the user to create a private synonym and assign ownership to any user in the database.
|
| DROP ANY SYNONYM
| Allows the user to drop any private synonym owned by any user in the database.
|
| CREATE ANY TABLE
| Allows the user to create a table and assign ownership to any user in the database. Note that the assigned owner’s privileges and quotas will be used to see whether the table can be created.
|
| ALTER ANY TABLE
| Allows the user to modify the structure of any table owned by any user in the database.
|
| BACKUP ANY TABLE
| Allows the user to use the Export utility to back up tables owned by any other user in the database. This is needed by DBAs or operators who use the Export utility for database backups.
|
| DROP ANY TABLE
| Allows the user to drop any table owned by any user in the database.
|
| LOCK ANY TABLE
| Allows the user to issue locks to any table (or rows within the table) owned by any user in the database.
|
| COMMENT ANY TABLE
| Allows the user to enter comments on any table owned by any user in the database.
|
| SELECT ANY TABLE
| Allows the user to retrieve data from any table owned by any user in the database.
|
| INSERT ANY TABLE
| Allows the user to add new rows to any table owned by any user in the database.
|
| UPDATE ANY TABLE
| Allows the user to update rows in any table owned by any user in the database.
|
| DELETE ANY TABLE
| Allows the user to delete rows from any table owned by any user in the database. This privilege is needed to truncate tables owned by other users.
|
| FORCE ANY TRANSACTION
| Allows the user to commit or roll back distributed database transactions related to any user in the database.
|
| CREATE ANY TRIGGER
| Allows the user to create a trigger and assign ownership to any user in the database.
|
| ALTER ANY TRIGGER
| Allows the user to modify (enable, disable, or recompile) any trigger owned by any user in the database.
|
| DROP ANY TRIGGER
| Allows the user to drop any trigger owned by any user in the database.
|
| CREATE ANY VIEW
| Allows the user to create a view and assign ownership to any user in the database. The creator must also have ALTER ANY TABLE, BACKUP ANY TABLE, DROP ANY TABLE, LOCK ANY TABLE, COMMENT ANY TABLE, SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, or DELETE ANY TABLE, depending on the exact view that the user is trying to create. These prerequisites come into play only when you are trying to access a database table for which you do not have a specific access granted to your user ID. If you have specific access grants to your user ID or the table is available to PUBLIC, you do not need the prerequisite privileges described.
|
| DROP ANY VIEW
| Allows the user to drop any view owned by any user in the database.
|
| CREATE ANY TYPE
| Create a user type owned by any user in the database.
|
| DROP ANY TYPE
| Drop a user type owned by any user in the database.
|
| CREATE ANY LIBRARY
| Create a library owned by any user in the database.
|
| DROP ANY LIBRARY
| Drop a library owned by any user in the database.
|