| Previous | Table of Contents | Next |
Privileges such as CREATE ANY VIEW and CREATE ANY PROCEDURE include a series of privileges that I qualify as being needed, depending on what the user is trying to do. If the user to whom you are trying to assign the object does not have another object with the same name as the object that you are trying to create, you do not need any of these special privileges. However, if you are trying to create a table with the same name as one that the user already has, you need to have DROP ANY TABLE to get rid of the existing table so that you can replace it with the new one.
As mentioned earlier, the “any” privileges are something that I use every day. Many of them are not particularly harmful. SELECT ANY TABLE may pull in a lot of data, but nothing is destroyed if you make a typing mistake. Many of them I have never used (ALTER ANY TRIGGER, for example). Let’s go over some guidelines that I use when working with these “any” privileges using my DBA account:
Next on the list of system privileges are those that you use to maintain the database itself. These are some of the traditional DBA privileges that you use to create the database, add tablespaces, and so forth (see Table 13.5).
| Privilege | Description |
|---|---|
| ALTER DATABASE | Allows the alter database command to be issued. Some of the functions of this command include mounting and opening the database, managing log files and control files, and changing the archivelog status. |
| CREATE PROFILE | Allows the user to create profiles that set limits on the usage of certain Oracle resources by users assigned that profile. |
| ALTER PROFILE | Allows the user to modify profiles. |
| DROP PROFILE | Allows the user to drop profiles. |
| ALTER RESOURCE COST | Allows the user to change the cost assigned to various resources when these costs are tracked by the database. |
| CREATE PUBLIC DATABASE LINK | Allows the user to create a link to another Oracle instance that is accessible by all users in the system. |
| DROP PUBLIC DATABASE LINK | Allows the user to drop a public database link. |
| CREATE ROLE | Allows the user to create a role. |
| CREATE ROLLBACK SEGMENT | Allows the user to create rollback segments within a tablespace. |
| ALTER ROLLBACK SEGMENT | Allows the user to modify the structure of existing rollback segments. |
| DROP ROLLBACK SEGMENT | Allows the user to drop a rollback segment. |
| ALTER SYSTEM | Allows the user to issue the ALTER SYSTEM command. This command is used to switch log files, check data files, set certain system parameters, kill user connections to the Oracle instance, and other similar functions. |
| CREATE TABLESPACE | Allows the user to create a new tablespace. Note that the Oracle user ID needs to have operating system permission and that directory. There also must be sufficient disk space available. |
| ALTER TABLESPACE | Allows the user to modify the configuration of existing tablespaces. This includes adding data files to the tablespace. |
| MANAGE TABLESPACE | Allows the user to perform warm backups of the tablespace and switch the tablespace offline and online. |
| BECOME USER | Switch to become another user in the database. Used for full database imports and exports only. It does not work from the SQL*Plus prompt. |
| ALTER USER | Change the configuration of any Oracle user account (including changing passwords). |
| DROP USER | Remove a user from the system. |
Finally, there is a privilege used to control access to the auditing utilities that Oracle uses (see Table 13.6). (Actually, there are two, but the AUDIT ANY privilege, which enables you to audit access to database objects of any users, is covered under the “any” privileges.)
| Privilege | Description |
|---|---|
| AUDIT SYSTEM | Allows the user to issue audit commands related to the usage of certain SQL statements, especially those related to system privileges. |
| Previous | Table of Contents | Next |