System Privileges

System privileges let you control access to authorized system operations. Each privileged database task on the server requires specific system privileges. System privileges can be granted individually to users or roles.

When a system privilege is granted to a role, all members of the role inherit the system privilege. All new members of a role automatically inherit all of the underlying system privileges of a role.

Each system privilege, with the exception of the SET USER system privilege, by default, is granted to either the SYS_AUTH_SA_ROLE or the SYS_AUTH_SSO_ROLE role, but not both. The exception, SET USER system privilege, is granted to both roles.

Individually granting the underlying system privileges of a role is semantically equivalent to granting the role itself. You can grant system privileges to multiple user-defined system roles in any combination to meet the functional security requirements of your organization.

With the exception of MANAGE ROLES and UPGRADE ROLE, you cannot modify system privileges. System privileges can be granted to, and revoked from, roles and users, but they cannot be dropped. System privileges cannot own objects.

• System Privileges Listed by Functional Area
  A list of system privileges organized by functional area.
• List All System Privileges
  List of all system privileges.
• Granting a System Privilege to a User
  Allow the granting of specific system privileges to specific users, with or without administrative rights.
• Revoking a System Privilege from a User
  Revoke a specific system privilege and the right to administer the system privilege from specific users.
• Users and Privileges Granted System Objects
  Information about the current users of a database and their privileges is stored in the database system tables, which are accessible through system views.
• Stored Procedure to Map System Privileges to System Roles
  The sp_sys_priv_role_info stored procedure generates a report that maps each system privilege role to a system role.