This topic describes the standard account permissions for tenants in the MySQL and Oracle modes of OceanBase Database.
MySQL tenant account permissions
The default permission for a standard account in a MySQL tenant is the SELECT permission on information_schema.*.
Permission type | Permission | Description |
Global permission | ENCRYPT/DECRYPT | Grants the permission to call encryption and decryption functions: Encrypt (encryption permission) and Decrypt (decryption permission). For more information about how to use these functions, see ENHANCED_AES_ENCRYPT and ENHANCED_AES_DECRYPT. Note
|
Read and write permission | ALL PRIVILEGES | All permissions except |
DDL only | CREATE | The permission to create tables. |
DROP | The permission to drop tables and views. | |
ALTER | The permission to rename tables and modify table schemas. | |
SHOW VIEW | You can view the details of a view or learn how it executes. | |
CREATE VIEW | The permission to create views. | |
DML only | SELECT | The permission to query data in tables. |
INSERT | You can insert rows into the table. | |
UPDATE | You can modify existing data. | |
DELETE | You can delete data. | |
SHOW VIEW | You can examine a view or learn how it executes. | |
PROCESS | You can use the | |
Read-only permission | CREATE SESSION | The permission to connect to the database. |
SELECT | The permission to query data in tables. | |
SHOW VIEW | View the definition of a view or learn how it executes. | |
Custom | ALTER, CREATE, DELETE, DROP, INSERT, SELECT, UPDATE, INDEX, CREATE VIEW, SHOW VIEW, PROCEDURE FUNCTION | A custom selection of all DDL and DML commands, plus INDEX and PROCEDURE FUNCTION. INDEX: Determines whether a user can create and drop table indexes. PROCEDURE FUNCTION: Represents the following three permissions.
Note PROCEDURE FUNCTION is available only in OceanBase Database V4.2.2 and later, and V4.3.0 and later. |
Oracle tenant account permissions
The default permissions for a standard account in an Oracle tenant are the following permissions on the user schema:
Permission | Description |
CREATE TABLE | The permission to create tables. |
CREATE VIEW | The permission to create views. |
CREATE PROCEDURE | The permission to create any stored procedure for the user. |
CREATE SYNONYM | The permission to create synonyms for the user. |
CREATE SEQUENCE | The permission to create sequences for the user. |
CREATE TRIGGER | The permission to create triggers for the user. |
CREATE TYPE | The permission to create types. |
CREATE SESSION | The permission to create a session. |
EXECUTE ANY PROCEDURE | The permission to execute any stored procedure. |
CREATE ANY OUTLINE | The permission to create any execution plan. |
ALTER ANY OUTLINE | The permission to alter any execution plan. |
DROP ANY OUTLINE | The permission to drop any execution plan. |
CREATE ANY PROCEDURE | The permission to create any stored procedure for the user. |
ALTER ANY PROCEDURE | The permission to alter any stored procedure. |
DROP ANY PROCEDURE | The permission to drop any stored procedure. |
CREATE ANY SEQUENCE | The permission to create any sequence. |
ALTER ANY SEQUENCE | The permission to alter any sequence. |
DROP ANY SEQUENCE | The permission to drop any sequence. |
CREATE ANY TYPE | The permission to create any type. |
ALTER ANY TYPE | The permission to alter any type. |
DROP ANY TYPE | You can delete any permission. |
SYSKM | The |
CREATE ANY TRIGGER | The permission to create any trigger for the user. |
ALTER ANY TRIGGER | The permission to alter any trigger. |
DROP ANY TRIGGER | The permission to drop any trigger. |
CREATE PROFILE | The permission to create a resource limit profile. |
ALTER PROFILE | The permission to alter a resource limit profile. |
DROP PROFILE | The permission to drop a resource limit profile. |