Object privileges

Object privileges apply to individual object instances (a specific user or a single database).

Because object privileges take effect after an object is created, you can only change privileges on existing objects. Like administrator privileges, object privileges are granted to users and groups. But where administrator privileges apply to the system as a whole and are far reaching, object privileges are more narrow in scope.

When an object is created, there are no object privileges that are associated with it. Instead, the user who creates the object becomes the object owner. Initially, only the object creator, the schema owner (if the object is defined in a schema), the database owner, and the admin user can view and manipulate the object. For other users to gain access to the object, either the owner, database owner, schema owner, or the admin user must grant privileges to it.

The following table describes the list of available object privileges. As with administrator privileges, specifying the with grant option allows a user to grant the privilege to others.
Table 1. Object privileges
Privilege Description
Abort Allows the user to abort sessions. Applies to groups and users. For more information, see Abort sessions or transactions.
All Allows the user to have all the object privileges.
Alter Allows the user to modify object attributes. Applies to all objects.
Delete Allows the user to delete table rows. Applies only to tables.
Drop Allows the user to drop all objects.
Execute Allows the user to execute UDFs and UDAs in SQL queries.
Execute As Allows the user to change the name of the current user of their session.
GenStats Allows the user to generate statistics on tables or databases. The user can run the GENERATE STATISTICS command.
Groom Allows the user to do general housekeeping and cleanup operations on tables by using the GROOM TABLE command. The GROOM TABLE command runs reclaim operations to remove deleted rows and also reorganizes tables that are based on the clustered base table's organizing keys.
Insert Allows the user to insert rows into a table. Applies only to tables.
Label Access Allows the user to view the label column.
Label Expand Allows the user to update a label to a less restrictive value.
Label Restrict Allows the user to update a label to a more restrictive value.
List Allows the user to display an object name, either in a list or in another manner. Applies to all objects.
Select Allows the user to select (or query) rows within a table. Applies to tables and views.
Truncate Allows the user to delete all rows from a table. Applies only to tables.
Update Allows the user to modify table rows, such as changing field values or changing the next value of a sequence. Applies to tables only.