Object privileges
Object privileges apply to individual object instances (a specific user or a single database).
Because object privileges take effect after an object is created, you can only change privileges on existing objects. Like administrator privileges, object privileges are granted to users and groups. But where administrator privileges apply to the system as a whole and are far reaching, object privileges are more narrow in scope.
When an object is created, there are no object privileges that are associated with it. Instead, the user who creates the object becomes the object owner. Initially, only the object creator, the schema owner (if the object is defined in a schema), the database owner, and the admin user can view and manipulate the object. For other users to gain access to the object, either the owner, database owner, schema owner, or the admin user must grant privileges to it.
Privilege | Description |
---|---|
Abort | Allows the user to abort sessions. Applies to groups and users. For more information, see Abort sessions or transactions. |
All | Allows the user to have all the object privileges. |
Alter | Allows the user to modify object attributes. Applies to all objects. |
Delete | Allows the user to delete table rows. Applies only to tables. |
Drop | Allows the user to drop all objects. |
Execute | Allows the user to execute UDFs and UDAs in SQL queries. |
Execute As | Allows the user to change the name of the current user of their session. |
GenStats | Allows the user to generate statistics on tables or databases. The user can run the GENERATE STATISTICS command. |
Groom | Allows the user to do general housekeeping and cleanup operations on tables by using the GROOM TABLE command. The GROOM TABLE command runs reclaim operations to remove deleted rows and also reorganizes tables that are based on the clustered base table's organizing keys. |
Insert | Allows the user to insert rows into a table. Applies only to tables. |
Label Access | Allows the user to view the label column. |
Label Expand | Allows the user to update a label to a less restrictive value. |
Label Restrict | Allows the user to update a label to a more restrictive value. |
List | Allows the user to display an object name, either in a list or in another manner. Applies to all objects. |
Select | Allows the user to select (or query) rows within a table. Applies to tables and views. |
Truncate | Allows the user to delete all rows from a table. Applies only to tables. |
Update | Allows the user to modify table rows, such as changing field values or changing the next value of a sequence. Applies to tables only. |