Setting Table or Column Permissions

Grant or revoke permissions on tables or columns for users, groups, and roles.

You can grant and revoke permissions on a table based on the grantee type; users, groups, or roles, then select a specific grantee. You can grant or revoke permission for specific columns belonging to a table.

You can also grant permission with predicated privileges, which are privileges subject to conditions that are evaluated when data is accessed. Row-level access control can be granted on a given object based on conditions expressed through a general SQL where clause.

As an example of the where clause in a SQL statement, the following describes how to grant access to a group of engineers, allowing each member to see only his or her own salary and the salary of any direct reports.

grant select on emp (eng_salary)
  where eng_name = USER or
  engr = USER to eng_role

Note: To grant or revoke predicated privileges, set the configuration parameter enable predicate privileges to 1.

Granting Table Permissions
Grant table access permission to users, groups, or roles.
Revoking Table Permissions
Revoke table access permissions from users, groups, or roles.
Granting Column Permissions
Grant column access permission to users, groups, or roles.
Revoking Column Permissions
Revoke table access permissions from users, groups, or roles.

Parent topic: Tables