Oracle has two fundamental types of privileges:
- Object privileges
- System privileges
Object privileges control access to tables, indexes, and other objects. If you want a user to be able to select from a table, you grant him access to
that table. Because the privilege applies to a specific object, a table in this case, it is referred to as an object privilege.
The users who own the objects manage the object privileges, whereas system privileges are ultimately managed by the DBA, and are used to control the actions a user can take while connected to a database.
For example, to allow a user to create a table in the first place, you need to grant that user the
CREATE TABLE
system privilege.
Object privileges render to the grantee the permission to use a
schema object[1] owned by another user in a particular way.
As you will see, there are several types of object privileges, some of which apply only to certain schema objects.
For example, the INDEX privilege applies only to tables, and the SELECT privilege applies to
tables, views, and sequences. The following object privileges can be granted individually, can be granted grouped in a list, or can be granted with the keyword ALL to implicitly grant all available object privileges for a particular schema object.
Warning: Be careful when using the key term ALL since it may implicitly grant powerful privileges.