Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.
As an Oracle database administrator, you create roles based on what users need to do in the database, grant privileges to the roles, and add the appropriate users to each role. This topic lists the minimum required privileges for common types of database users for which you would create roles: data viewers, data editors, and data creators.
Note that these privileges apply to using ArcGIS with an Oracle database or one of the supported Oracle database service offerings. If you need to know the privileges required to use a geodatabase, see Privileges for geodatabases in Oracle.
The following table lists three groups of users and the minimum privileges they require to query, edit, or create data from ArcGIS.
Type of user | Required privileges | Purpose |
---|---|---|
Data viewer | CREATE SESSION | This privilege allows users to connect to the database. |
SELECT on other users' tables | Data viewers need select privileges on specific tables you want them to see and query. | |
Data editor* Data editors require the same privileges as data viewers, plus these additional privileges. | INSERT, UPDATE, DELETE on other users' tables | Grant the editing operations you want editors to perform on specific tables. |
Data creator | CREATE SESSION | This privilege allows users to connect to the database. |
| These privileges allow data creators to create tables and feature classes in the database, and populate Object ID fields. |
*To edit data, publish editable feature service layers that reference the data in your Oracle database.
If data creators will be creating views to restrict the amount of data returned to the ArcGIS client from the database, also grant them CREATE VIEW and DROP VIEW privileges.