The DBMS AUTH RULE MANAGEMENT privileges

The DBMS privileges for auth rule management can be granted, denied, or revoked like other privileges.

For more details about the syntax descriptions, see Reading the administration commands syntax.

Table 1. Auth rule management privileges command syntax
Command Description
GRANT [IMMUTABLE] CREATE AUTH RULE
  ON DBMS
  TO role[, ...]

Enables the specified roles to create new auth rules.

GRANT [IMMUTABLE] RENAME AUTH RULE
  ON DBMS
  TO role[, ...]

Enables the specified roles to change the name of auth rules.

GRANT [IMMUTABLE] ALTER AUTH RULE
  ON DBMS
  TO role[, ...]

Enables the specified roles to modify auth rules.

GRANT [IMMUTABLE] DROP AUTH RULE
  ON DBMS
  TO role[, ...]

Enables the specified roles to delete auth rules.

GRANT [IMMUTABLE] SHOW AUTH RULE
  ON DBMS
  TO role[, ...]

Enables the specified roles to list auth rules.

GRANT [IMMUTABLE] AUTH RULE MANAGEMENT
  ON DBMS
  TO role[, ...]

Enables the specified roles to create, delete, rename, modify and list auth rules.

Grant privilege to create auth rules

You can grant the privilege to add auth rules using the CREATE AUTH RULE privilege.
For example:

GRANT CREATE AUTH RULE ON DBMS TO authRuleAdder;

As a result, the authRuleAdder role has privileges that allow adding auth rules.

To list all privileges for the role authRuleAdder as commands, use the following query:

SHOW ROLE authRuleAdder PRIVILEGES AS COMMANDS;
Table 2. Result
command

"GRANT CREATE AUTH RULE ON DBMS TO `authRuleAdder`"

Rows: 1

Grant privilege to rename auth rules

You can grant the privilege to rename auth rules using the RENAME AUTH RULE privilege.
For example:

GRANT RENAME AUTH RULE ON DBMS TO authRuleNameModifier;

As a result, the authRuleNameModifier role has privileges that allow renaming auth rules.

To list all privileges for the role authRuleNameModifier as commands, use the following query:

SHOW ROLE authRuleNameModifier PRIVILEGES AS COMMANDS;
Table 3. Result
command

"GRANT RENAME AUTH RULE ON DBMS TO `authRuleNameModifier`"

Rows: 1

Grant privilege to modify auth rules

You can grant the privilege to modify auth rules using the ALTER AUTH RULE privilege. For example:

GRANT ALTER AUTH RULE ON DBMS TO authRuleModifier;

As a result, the authRuleModifier role has privileges that allow modifying auth rules.

To list all privileges for the role authRuleModifier as commands, use the following query:

SHOW ROLE authRuleModifier PRIVILEGES AS COMMANDS;
Table 4. Result
command

"GRANT ALTER AUTH RULE ON DBMS TO `authRuleModifier`"

Rows: 1

The ALTER AUTH RULE privilege allows the user to run the ALTER AUTH RULE administration command with one or both of the SET CONDITION and SET ENABLED parts.
For example:

ALTER AUTH RULE salesDepartment SET CONDITION abac.oidc.user_attribute('department') = 'sales';

Grant privilege to delete auth rules

You can grant the privilege to delete auth rules using the DROP AUTH RULE privilege.
For example:

GRANT DROP AUTH RULE ON DBMS TO authRuleDropper;

As a result, the authRuleDropper role has privileges that allow deleting auth rules.

To list all privileges for the role authRuleDropper as commands, use the following query:

SHOW ROLE authRuleDropper PRIVILEGES AS COMMANDS;
Table 5. Result
command

"GRANT DROP AUTH RULE ON DBMS TO `authRuleDropper`"

Rows: 1

Grant privilege to list auth rules

You can grant the privilege to list auth rules using the SHOW AUTH RULE privilege. A role with this privilege is allowed to execute the SHOW AUTH RULES administration command. It also grants the role the ability to show the auth rules assigned to roles with the SHOW RULES WITH AUTH RULES command.

The following query shows an example of how to grant the SHOW AUTH RULE privilege:

GRANT SHOW AUTH RULE ON DBMS TO authRuleViewer;

As a result, the authRuleViewer role has privileges that allow listing auth rules.

To list all privileges for the role authRuleViewer as commands, use the following query:

SHOW ROLE authRuleViewer PRIVILEGES AS COMMANDS;
Table 6. Result
command

"GRANT SHOW AUTH RULE ON DBMS TO `authRuleViewer`"

Rows: 1

Grant privilege to manage auth rules

You can grant the privilege to create, rename, modify, delete, and list auth rules using the AUTH RULE MANAGEMENT privilege.
For example:

GRANT AUTH RULE MANAGEMENT ON DBMS TO authRuleManager;

As a result, the authRuleManager role has all privileges to manage auth rules.

To list all privileges for the role authRuleManager as commands, use the following query:

SHOW ROLE authRuleManager PRIVILEGES AS COMMANDS;
Table 7. Result
command

"GRANT AUTH RULE MANAGEMENT ON DBMS TO `authRuleManager`"

Rows: 1
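The page notes that these privileges can be granted, denied, or revoked like other DBMS privileges. The following is an added example, not from the original page, showing how the individual privileges above can be combined into least-privilege roles, with DENY and REVOKE used in the same form as for other DBMS privileges; the role names authRuleReviewer and authRuleOperator are constructed for this example.

```cypher
// Added example: least-privilege role design for auth rules. Role names
// authRuleReviewer and authRuleOperator are constructed for this example.

// A read-only reviewer: may list auth rules but cannot change them.
CREATE ROLE authRuleReviewer IF NOT EXISTS;
GRANT SHOW AUTH RULE ON DBMS TO authRuleReviewer;

// A day-to-day operator: may create, rename, edit and view rules, but is
// deliberately never given DROP, so this role cannot delete a rule.
CREATE ROLE authRuleOperator IF NOT EXISTS;
GRANT CREATE AUTH RULE ON DBMS TO authRuleOperator;
GRANT RENAME AUTH RULE ON DBMS TO authRuleOperator;
GRANT ALTER AUTH RULE ON DBMS TO authRuleOperator;
GRANT SHOW AUTH RULE ON DBMS TO authRuleOperator;

// A role that holds the whole management bundle: instead of revoking the
// bundle, add an explicit DENY for DROP. A denied privilege takes precedence
// over a granted one, so deletion is blocked while the rest stays usable.
CREATE ROLE authRuleManager IF NOT EXISTS;
GRANT AUTH RULE MANAGEMENT ON DBMS TO authRuleManager;
DENY DROP AUTH RULE ON DBMS TO authRuleManager;

// Confirm the effective privilege set of each role as commands, in the
// same way the page checks its single-privilege roles.
SHOW ROLE authRuleReviewer PRIVILEGES AS COMMANDS;
SHOW ROLE authRuleOperator PRIVILEGES AS COMMANDS;
SHOW ROLE authRuleManager PRIVILEGES AS COMMANDS;

// Withdraw a right once it is no longer needed, here renaming for the operator.
REVOKE GRANT RENAME AUTH RULE ON DBMS FROM authRuleOperator;
```

Re-running the SHOW ROLE ... PRIVILEGES AS COMMANDS query after each change is the simplest way to verify that a role ends up with exactly the intended set of GRANT and DENY entries.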