Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
A privilege is a right to perform a privileged operation on the system.
For example, altering a table is a privileged operation, depending on the type of alteration you are making. There are two types of privileges: system privileges and object-level privileges. System privileges give you the general right to perform a privileged operation, while object-level privileges restrict you to performing the operation on a specific object. For example, if you have the ALTER ANY TABLE system privilege, you can alter any table in the system. If you do not, you can only edit tables you create or tables on which you have the ALTER TABLE object-level privilege.
System privileges are built in to the database and can be granted or revoked, but not created or dropped. With the exception of the MANAGE ROLES and UPGRADE ROLE privileges, system privileges cannot have system privileges granted to, or revoked from, them. Each system privilege, with the exception of the SET USER system privilege, is granted by default to either the SYS_AUTH_SA_ROLE or SYS_AUTH_SSO_ROLE compatibility role, but not both. The SET USER system privilege is granted to both roles (WITH ADMIN OPTION to SYS_AUTH_SSO_ROLE and WITH NO ADMIN OPTION to SYS_AUTH_SA_ROLE).
You grant and revoke system and object-level privileges by using the GRANT and REVOKE statements.