- Newest
- Most votes
- Most comments
When you create an Amazon RDS for Oracle database instance, the default master user is created and granted the maximum user permissions on the DB instance with some limitations.
For RDS Oracle, this user comes with the below privileges and roles:
1 - System Privileges: ALTER DATABASE LINK, ALTER PUBLIC DATABASE LINK, DROP ANY DIRECTORY, EXEMPT ACCESS POLICY, EXEMPT IDENTITY POLICY, GRANT ANY OBJECT PRIVILEGE, RESTRICTED SESSION, EXEMPT REDACTION POLICY
2- Database Roles: AQ_ADMINISTRATOR_ROLE, AQ_USER_ROLE, CONNECT, CTXAPP, DBA, EXECUTE_CATALOG_ROLE, RECOVERY_CATALOG_OWNER, RESOURCE, SELECT_CATALOG_ROLE
If you wish to have another user with the same privileges, you can grant the above-mentioned privileges and roles the new user.
SQL> GRANT ALTER DATABASE LINK, ALTER PUBLIC DATABASE LINK, DROP ANY DIRECTORY, EXEMPT ACCESS POLICY, EXEMPT IDENTITY POLICY, GRANT ANY OBJECT PRIVILEGE, RESTRICTED SESSION, EXEMPT REDACTION POLICY TO newuser;
Furthermore, if you wish to grant individual privileges to a user you can use "rdsadmin.rdsadmin_util.grant_sys_object" as follows:
begin
rdsadmin.rdsadmin_util.grant_sys_object(
p_obj_name => '<OBJECT_NAME>',
p_grantee => '<USER>',
p_privilege => '<PRIVILAGE>');
end;
For details on master user privileges, please refer to the following documentations.
[+]Master user account privileges - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.MasterAccounts.html
[+]Granting SELECT or EXECUTE privileges to SYS objectshttps://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.CommonDBATasks.System.html#Appendix.Oracle.CommonDBATasks.TransferPrivileges
[+]How do I manage user privileges and roles in my Amazon RDS for Oracle DB instance? - https://repost.aws/knowledge-center/rds-oracle-user-privileges-roles
Relevant content
- asked 2 years ago
- Accepted Answerasked 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 5 months ago