11.2.1. The Object Owner

The user who creates a database object becomes its owner. Only the owner of an object and users with administrator privileges in the database, including the database owner, can alter or drop the database object.

Some Ownership Drawbacks

Any authenticated user can access any database and create any valid database object. Up to and including this release, there is no means of controlling this.

Not all database objects are associated with an owner: domains, external functions (UDFs), BLOB filters, generators (sequences) and exceptions have none. These ownerless objects must be regarded as vulnerable on a server that is not adequately protected.

SYSDBA, the database owner or the object owner can grant privileges to and revoke them from other users, including privileges to grant privileges to other users. The process of granting and revoking SQL privileges is implemented with two statements of the general form:

  GRANT <privilege> ON <object-type> object-name
    TO { user-name | ROLE role-name }

  REVOKE <privilege> ON <object-type> object-name
    FROM { user-name | ROLE role-name }

The object-type is not required for every type of privilege. For some types of privilege, extra parameters are available, either as options or as requirements.
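
The script below is an added example, not part of the original documentation, showing the two statement forms applied by an object owner in isql and then checked against the system table RDB$USER_PRIVILEGES. The names INVOICES, CLOSE_INVOICE, AUDITORS, ALICE and BOB are hypothetical, and ALICE and BOB are assumed to exist already as server users.

```sql
-- Added example: all object, role and user names are hypothetical.
-- Run as the user who will own the objects (the creator becomes the owner).
CREATE TABLE invoices (
  id     INTEGER NOT NULL PRIMARY KEY,
  status VARCHAR(10),
  amount NUMERIC(12,2)
);

SET TERM ^ ;
CREATE PROCEDURE close_invoice (inv_id INTEGER) AS
BEGIN
  UPDATE invoices SET status = 'CLOSED' WHERE id = :inv_id;
END^
SET TERM ; ^

CREATE ROLE auditors;
COMMIT;

-- Read-only access through a role; the TABLE keyword is optional here.
GRANT SELECT ON TABLE invoices TO ROLE auditors;
GRANT auditors TO alice;

-- Column-level UPDATE, plus the right to pass SELECT on to others.
GRANT UPDATE (status) ON invoices TO USER bob;
GRANT SELECT ON invoices TO USER bob WITH GRANT OPTION;

-- For EXECUTE the object type must be stated.
GRANT EXECUTE ON PROCEDURE close_invoice TO USER bob;
COMMIT;

-- Audit what is now granted on the table. RDB$USER is the grantee;
-- RDB$GRANT_OPTION = 1 marks privileges the grantee may grant onward.
SELECT RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE,
       RDB$GRANT_OPTION, RDB$FIELD_NAME
  FROM RDB$USER_PRIVILEGES
 WHERE RDB$RELATION_NAME = 'INVOICES'
 ORDER BY RDB$USER, RDB$PRIVILEGE;

-- Withdraw only the ability to re-grant, leaving SELECT itself in place.
REVOKE GRANT OPTION FOR SELECT ON invoices FROM USER bob;

-- Withdraw the remaining privileges individually.
REVOKE UPDATE (status) ON invoices FROM USER bob;
REVOKE SELECT ON invoices FROM USER bob;
REVOKE EXECUTE ON PROCEDURE close_invoice FROM USER bob;
COMMIT;
```

Re-running the audit query after the final COMMIT should show no rows left for BOB, while the grant to the AUDITORS role remains.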