420-5D3 : Oracle – Liste des privilèges

28 septembre 2023

Privilèges de type système

Un privilège système est le droit d’effectuer une action particulière ou d’effectuer une action sur n’importe quel objet d’un type particulier. Les objets incluent des tables, des vues, des vues matérialisées, des synonymes, des index, des séquences, des groupes de cache, des schémas de réplication et des fonctions, procédures et packages PL/SQL.

Seul l’administrateur de l’instance ou un utilisateur disposant du privilège ADMIN peut accorder ou révoquer des privilèges système.

Voici la liste de privilèges systèmes qu’il est possible d’accorder à un utilisateur d’une PDB.

NOTE: Il faut utiliser les commandes ‘GRANT’ et ‘REVOKE’ pour accorder ou retirer un privilège.

Voir au bas de ce document pour des exemples.

Privilege	Description
`ADMIN`	Enables a user to perform administrative tasks including checkpointing, backups, migration, and user creation and deletion.
`ALTER ANY CACHE GROUP`	Enables a user to alter any cache group in the database.
`ALTER ANY INDEX`	Enables a user to alter any index in the database.Note: There is no `ALTER INDEX` statement.
`ALTER ANY MATERIALIZED VIEW`	Enables a user to alter any materialized view in the database.Note: There is no `ALTER MATERIALIZED VIEW` statement.
`ALTER ANY PROCEDURE`	Enables a user to alter any PL/SQL procedure, function or package in the database.
`ALTER ANY SEQUENCE`	Enables a user to alter any sequence in the database.
`ALTER ANY TABLE`	Enables a user to alter any table in the database.
`ALTER ANY VIEW`	Enables a user to alter any view in the database.Note: There is no `ALTER VIEW` statement.
`CACHE_MANAGER`	Enables a user to perform operations related to cache groups.
`CREATE ANY CACHE GROUP`	Enables a user to create a cache group owned by any user in the database.
`CREATE ANY INDEX`	Enables a user to create an index on any table or materialized view in the database.
`CREATE ANY MATERIALIZED VIEW`	Enables a user to create a materialized view owned by any user in the database.
`CREATE ANY PROCEDURE`	Enables a user to create a PL/SQL procedure, function or package owned by any user in the database.
`CREATE ANY SEQUENCE`	Enables a user to create a sequence owned by any user in the database.
`CREATE ANY SYNONYM`	Enables a user to create a private synonym owned by any user in the database.
`CREATE ANY TABLE`	Enables a user to create a table owned by any user in the database.
`CREATE ANY VIEW`	Enables a user to create a view owned by any user in the database.
`CREATE CACHE GROUP`	Enables a user to create a cache group owned by that user.
`CREATE MATERIALIZED VIEW`	Enables a user to create a materialized view owned by that user.
`CREATE PROCEDURE`	Enables a user to create a PL/SQL procedure, function or package owned by that user.
`CREATE PUBLIC SYNONYM`	Enables a user to create a public synonym.
`CREATE SEQUENCE`	Enables a user to create a sequence owned by that user.
`CREATE SESSION`	Enables a user to create a connection to the database.
`CREATE SYNONYM`	Enables a user to create a private synonym.
`CREATE TABLE`	Enables a user to create a table owned by that user.
`CREATE VIEW`	Enables a user to create a view owned by that user.
`DELETE ANY TABLE`	Enables a user to delete from any table in the database.
`DROP ANY CACHE GROUP`	Enables a user to drop any cache group in the database.
`DROP ANY INDEX`	Enables a user to drop any index in the database.
`DROP ANY MATERIALIZED VIEW`	Enables a user to drop any materialized view in the database.
`DROP ANY PROCEDURE`	Enables a user to drop any PL/SQL procedure, function or package in the database.
`DROP ANY SEQUENCE`	Enables a user to drop any sequence in the database.
`DROP ANY SYNONYM`	Enables a user to drop a synonym owned by any user in the database.
`DROP ANY TABLE`	Enables a user to drop any table in the database.
`DROP ANY VIEW`	Enables a user to drop any view in the database.
`DROP PUBLIC SYNONYM`	Enables a user to drop a public synonym.
`EXECUTE ANY PROCEDURE`	Enables a user to execute any PL/SQL procedure, function or package in the database.
`FLUSH ANY CACHE GROUP`	Enables a user to flush any cache group in the database.
`INSERT ANY TABLE`	Enables a user to insert into any table in the database. It also enables the user to insert into any table using the synonym, public or private, to that table.
`LOAD ANY CACHE GROUP`	Enables a user to load any cache group in the database.
`REFRESH ANY CACHE GROUP`	Enables a user to flush any cache group in the database.
`SELECT ANY SEQUENCE`	Enables a user to select from any sequence or synonym on a sequence in the database.
`SELECT ANY TABLE`	Enables a user to select from any table, view, materialized view, or synonym in the database.
`UNLOAD ANY CACHE GROUP`	Enables a user to unload any cache group in the database.
`UPDATE ANY TABLE`	Enables a user to update any table or synonym in the database.
`XLA`	Enables a user to connect to a database as an XLA reader.

Exemple d’utilisation de GRANT et REVOKE

GRANT CREATE PROCEDURE TO "Tintin"
GRANT DROP USER TO "Tintin"
GRANT CREATE TABLE TO "Tintin"
GRANT SELECT ANY TABLE TO "Tintin"
GRANT CREATE SESSION TO "Tintin"
...
REVOKE COMMENT ANY TABLE FROM "Tintin"
REVOKE CREATE PLUGGABLE DATABASE FROM "Tintin"

SELECT table_name, privilege FROM sys.dba_tab_privs WHERE grantee='PUBLIC';