Setting Table or Column Permissions

Grant or revoke permissions on tables or columns for users, groups, and roles.

You can grant and revoke permissions on a table based on the grantee type; users, groups, or roles, then select a specific grantee. You can grant or revoke permission for specific columns belonging to a table.

You can also grant permission with predicated privileges, which are privileges subject to conditions that are evaluated when data is accessed. Row-level access control can be granted on a given object based on conditions expressed through a general SQL where clause.

As an example of the where clause in a SQL statement, the following describes how to grant access to a group of engineers, allowing each member to see only his or her own salary and the salary of any direct reports.
grant select on emp (eng_salary)
  where eng_name = USER or
  engr = USER to eng_role
Note: To grant or revoke predicated privileges, set the configuration parameter enable predicate privileges to 1.