Privilege Groups
Flexible DB Access Control privileges are broadly categorized into 12 privilege groups for easy manageability. The following sections describe the 12 privilege groups available in Enterprise Manager:
Note:
The privilege groups listed in this section apply to the following target types:
-
Database Instance
-
Cluster Database
-
Pluggable Database
Note:
Privilege Groups are not supported for PDB Administrators. This can be handled using DB roles and privileges.
Database Application DBA
The Database Application DBA can manage the application schema, application objects, and application performance in the database. In addition, the Database Application DBA can view and update the database to fix performance and other issues on the database.
| Target Privileges | Menu Items |
|---|---|
|
Manage the Database Performance Privilege group Manage the Database Schema Privilege group |
Manage Database Performance Privilege Group Manage Database Schema Privilege Group |
Database Application Developer
The Database Application Developer can view the database performance in Enterprise Manager but cannot make any changes to the database.
| Target Privileges | Menu Items |
|---|---|
|
View the Database Performance Privilege group View the Database Schema Privilege group |
View Database Performance Privilege Group View Database Schema Privilege Group |
Manage Database High Availability Privilege Group
The Manage Database High Availability Privilege group has the ability to manage database high availability pages in Enterprise Manager.
| Target Privileges | Menu Items |
|---|---|
|
View the database backup View database advanced queues View database redo logs View recovery settings View the high availability console View database resources |
Availability>MAA AdvisorAdministration>Resource ManagerAvailability>Backup & Recovery>Backup ReportsAvailability>Backup & Recovery>Backup SettingsAvailability>Backup & Recovery>Recovery SettingsAvailability>Backup & Recovery>Recovery Catalog SettingsAvailability>Backup & Recovery>Transactions |
View Database High Availability Privilege Group
The Manage Database High Availability Privilege group has the ability to view database high availability pages in Enterprise Manager.
| Target Privileges | Menu Items |
|---|---|
|
View the database backup View database advanced queues View database redo logs View recovery settings View the high availability console View database resources |
Availability>MAA AdvisorAdministration>Resource ManagerAvailability>Backup & Recovery>Backup ReportsAvailability>Backup & Recovery>Backup SettingsAvailability>Backup & Recovery>Recovery SettingsAvailability>Backup & Recovery>Recovery Catalog SettingsAvailability>Backup & Recovery>Transactions |
Manage Database Performance Privilege Group
Members of this group have the ability to manage all database performance and advisory features including SQL Monitor, SQL Performance Analyzer, memory advisors, segment advisors, and so on.
| Target Privileges | Menu Items |
|---|---|
|
Use the database SQL Access Advisor Manage the database SQL plan control Use the database SQL Tuning Advisor Manage the database SQL Tuning sets Database SPA administration Manage database sessions Database segment administration View database memory usage View the Database Performance Privilege Group Database optimizer statistics administration Connect target Database ADDM administration Database advisor tasks administration Automated maintenance tasks administration Manage database ASH reports Manage database automatic undo management Manage database AWR settings Manage database health checkers Manage database memory usage |
Performance>Performance Home Performance>SQL>SQL Performance Analyzer Home Performance>SQL>Optimizer statistics Performance>Top Activity Performance>ASH Analytics Performance>SQL Monitor Performance>SQL>SQL Tuning Sets Performance>SQL>SQL Plan Control Performance>SQL>Cloud Control SQL History Performance>SQL>Search SQL Performance>Search Sessions Performance>Blocking Sessions Performance>Advisors Home Performance>Real-Time ADDM Administration>Storage>Automatic Undo Management Performance>AWR>AWR Report Performance>AWR>AWR Administration Performance>AWR>Compare Period ADDM Performance>AWR>Compare Period Reports Performance>SQL>SQL Performance Analyzer Setup Performance>SQL>SQL Tuning Advisor Performance>SQL>SQL Access Advisor Administration>Initialization Parameters |
View Database Performance Privilege Group
Members of this group have the ability to view all database performance and advisory features including SQL Monitor, SQL Performance Analyzer, memory advisors, segment advisors, and so on.
| Target Privileges | Menu Items |
|---|---|
|
Connect to a target (read-only) View database actions View database ADDM View Database Advisor Home View automated maintenance tasks View database ASH reports and analytics View database automatic undo management View database AWR reports View database health checkers View database clients View the database Data Recovery Advisor View the database in-memory setting Install database management packages View database modules View the Database Performance Home Page View Database Optimizer statistics View database segments View database services View database sessions View the database SQL Performance Analyzer View the Database SQL monitor View the database SQL plan control View the database SQL tuning sets View database SQL scripts View database top activity |
Performance>Performance Home Performance>SQL>SQL Performance Analyzer Home Performance>SQL>Optimizer statistics Performance>Top Activity Performance>ASH Analytics Performance>SQL Monitor Performance>SQL>SQL Tuning Sets Performance>SQL>SQL Plan Control Performance>SQL>Cloud Control SQL History Performance>SQL>Search SQL Performance>Search Sessions Performance>Blocking Sessions Performance>Advisors Home Performance>Real-Time ADDM Administration>Storage>Automatic Undo Management Performance>AWR>AWR Report Performance>AWR>AWR Administration Performance>AWR>Compare Period ADDM Performance>AWR>Compare Period Reports |
Manage Database Schema Privilege Group
Members of this group have the ability to manage database schema elements such as tables, views, indexes, packages, functions, and so on.
| Target Privileges | Menu Items |
|---|---|
|
Manage database directory objects Manage database export Manage database import Manage database indexes Manage database Java content Manage database materialized views Manage database tables Manage database procedures and functions Reorganize database objects Manage database sequences Manage database synonyms Manage database workspaces Manage the XML database Manage database types Manage database triggers Manage database text Indexes View database table data Manage database dimensions Manage database links Manage database packages and package bodies |
Schema>Database Objects>Synonyms Schema>Database Objects>Sequences Schema>Database Objects>Database Links Schema>Database Objects>Directory Objects Schema>Text Manager>Text Indexes Schema>Workspaces Schema>XML Database>Resources Schema>XML Database>XML Schemas Schema>XML Database>XMLType Views Schema>XML Database>XML Indexes Schema>XML Database>XML Repository Events Schema>XML Database>XMLType Tables Schema>Programs>Packages Schema>Programs>Package Bodies Schema>Programs>Java Sources Schema>Programs>Java Classes Schema>Materialized Views>Materialized Views Schema>Materialized Views>Materialized View Logs Schema>Materialized Views>Refresh Groups>Dimensions Schema>User Defined Types>Array Types Schema>User Defined Types>Object Types Schema>User Defined Types>Table Types Schema>Database Objects>Reorganize Objects Schema>Database Export/Import>Export to Export Files... Schema>Database Export/Import>Import from Export Files... Schema>Database Export/Import>Import from Database... Schema>Database Export/Import>Load Data from User Files... Schema>Text Manager>Query Statistics Schema>XML Database>Configuration Schema>Change Management>Data Comparisons Schema Change Plans Schema>Change Management>Schema Baselines Schema>Change Management>Schema Comparisons Schema>Change Management>Schema Change Plans Schema>Change Management>Schema Synchronizations |
View Database Schema Privilege Group
Members of this group have the ability to view database schema elements such as tables, views, indexes, packages, functions, and so on.
| Target Privileges | Menu Items |
|---|---|
|
View the XML database View database workspaces View database types View database triggers View database text indexes View database tables View database synonyms View database sequences View database procedures and functions View database packages and package bodies View database materialized views View database Java content View database indexes View database directory objects View database dimensions View database links |
Schema>Database Objects>Tables Schema>Database Objects>Views Schema>Database Objects>Indexes Schema>Database Objects>Synonyms Schema>Database Objects>Sequences Schema>Database Objects>Database Links Schema>Database Objects>Directory Objects Schema>Text Manager>Text Indexes Schema>Workspaces Schema>XML Database>Resources Schema>XML Database>XML Schemas Schema>XML Database>XMLType Views Schema>XML Database>XML Indexes Schema>XML Database>XML Repository Events Schema>XML Database>XMLType Tables Schema>Programs>Packages Schema>Programs>Package Bodies Schema>Programs>Java Sources Schema>Programs>Java Classes Schema>Materialized Views>Materialized Views Schema>Materialized Views>Materialized View Logs Schema>Materialized Views>Refresh Groups>Dimensions Schema>User Defined Types>Array Types Schema>User Defined Types>Object Types Schema>User Defined Types>Table Types |
Manage Database Security Privilege Group
Members of this group have the ability to manage all database security features including users, roles, profiles, transparent data encryption, database vault, and so on.
| Target Privileges | Menu Items |
|---|---|
|
Manage database roles Manage database audit settings Manage database audit trails Manage the database vault Manage database virtual private database policies Manage database users Manage database transparent data encryption settings View the Database Security Privilege group Manage the database scheduler Database redaction administration Manage database profiles Manage privilege analysis Manage database Oracle label security |
Security>Home Security>Reports Security>Database Vault Administration>Oracle Scheduler>Jobs Administration>Oracle Scheduler>Job Classes Administration>Oracle Scheduler>Chains Administration>Oracle Scheduler>Schedules Administration>Oracle Scheduler>Programs Administration>Oracle Scheduler>Windows Administration>Oracle Scheduler>Window Groups Security>Roles Security>Users Security>Profiles Security>Audit Settings Security>Transparent Data Encryption Security>Data Redaction Security>Label Security Security>Application Contexts Security>Enterprise User Security Security>Virtual Private Database Security>Application Contexts Security>Enterprise User Security Security>Privilege Analysis |
View Database Security Privilege Group
Members of this group have the ability to view all database security features including users, roles, profiles, data encryption, data vault, audit vault, and so on.
| Target Privileges | Menu Items |
|---|---|
|
View database audit settingsView the database audit trailMonitor the database vaultView database feature usageView database Oracle label securityView privilege analysisView database profilesView database redactionView database rolesView the database schedulerView the Database Security HomeView database security reportsView database transparent data encryption settingsView database usersView database virtual private database policies |
Security>Home Security>Reports Security>Database Vault Administration>Oracle Scheduler>Jobs Administration>Oracle Scheduler>Job Classes Administration>Oracle Scheduler>Chains Administration>Oracle Scheduler>Schedules Administration>Oracle Scheduler>Programs Administration>Oracle Scheduler>Windows Administration>Oracle Scheduler>Window Groups Security>Roles Security>Users Security>Profiles Security>Audit Settings Security>Transparent Data Encryption Security>Data Redaction Security>Label Security Security>Application Contexts Security>Enterprise User Security Security>Virtual Private Database Security>Application Contexts Security>Enterprise User Security Security>Privilege Analysis |
Manage Database Storage Privilege Group
The members of this group have the ability to manage database storage.
| Target Privileges | Menu Items |
|---|---|
|
Manage database control files Manage database data files Manage database redo logs Manage database tablespaces Manage database transport tablespace |
Administration>Storage>Archive Logs Administration>Storage>Datafiles Administration>Storage>Control Files Administration>Storage>Redo Log Groups Administration>Storage>Tablespaces Administration>Storage>Temporary Tablespace Groups Administration>Storage>Database File Systems Administration>Storage>Information Lifecycle Management |
View Database Storage Privilege Group
Members of this group have the ability to view database storage.
| Target Privileges | Menu Items |
|---|---|
|
View Database Tablespaces View Database Redo Logs View Database Archive Logs View Database Datafiles |
Administration>Storage>Archive Logs Administration>Storage>DatafilesAdministration>Storage>Control Files Administration>Storage>Redo Log Groups Administration>Storage>TablespacesAdministration>Storage>Temporary Tablespace Groups Administration>Storage>Database File Systems Administration>Storage>Information Lifecycle Management |