System Privileges for Oracle Database XE

In this sixth part of a ten-part series on securing Oracle Database XE, you'll learn how to use and grant system privileges. This article is excerpted from chapter 31 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

TABLE OF CONTENTS:

By: Apress Publishing

Poor Best

Rating:

/ 2

January 13, 2011

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Using System Privileges

A system privilege is a right to perform an action on any object in the database, as well as other actions that do not involve objects at all but rather such tasks as running batch jobs, altering system parameters, creating roles, and even connecting to the database itself. There are 166 system privileges in Oracle Database XE. You can find them in the data dictionary table SYSTEM_PRIVILEGE_MAP.

Table 31-6 lists some of the more common system privileges, along with a brief description of each.

Table 31-6. Common System Privileges

System Privilege	Capability
ALTER DATABASE	Make changes to the database, such as changing the state of the database from MOUNTto OPEN, or recovering a database.
ALTER SYSTEM	Issue ALTER SYSTEMstatements: switch to the next redo log group and change system-initialization parameters in the SPFILE.
AUDIT SYSTEM	Issue AUDITstatements.
CREATE DATABASE LINK	Create database links to remote databases.
CREATE ANY INDEX	Create an index in any schema; CREATE INDEXis granted along with CREATE TABLEfor the user’s schema.
CREATE PROFILE	Create a resource/password profile.
CREATE PROCEDURE	Create a function, procedure, or package in your own schema.
CREATE ANY PROCEDURE	Create a function, procedure, or package in any schema.
CREATE SESSION	Connect to the database.
CREATE SYNONYM	Create a private synonym in your own schema.
CREATE ANY SYNONYM	Create a private synonym in any schema.
CREATE PUBLIC SYNONYM	Create a public synonym.
DROP ANY SYNONYM	Drop a private synonym in any schema.
DROP PUBLIC SYNONYM	Drop a public synonym.
CREATE TABLE	Create a table in your own schema.
CREATE ANY TABLE	Create a table in any schema.
CREATE TABLESPACE	Create a new tablespace in the database.
CREATE USER	Create a user account/schema.
ALTER USER	Make changes to a user account/schema.

Table 31-6. Common System Privileges (Continued)

System Privilege	Capability
CREATE VIEW	Create a view in your own schema.
SYSDBA	Create an entry in the external password file, if enabled; also, perform
	startup/shutdown, alter a database, create a database, recover a
	database, create an SPFILE, and connect when the database is in
	RESTRICTED SESSIONmode.
SYSOPER	Create an entry in the external password file, if enabled; also, perform
	startup/shutdown, alter a database, recover a database, create an
	SPFILE, and connect when the database is in RESTRICTED SESSION
	mode.