Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.
As an Oracle database administrator, you create roles based on what users need to do in the database, grant privileges to the roles, and add the appropriate users to each role. This page lists the minimum required privileges for common types of database users: data viewers, data editors, and data creators. Some privileges can be granted to roles, but others must be granted directly to the user.
These privileges apply to using ArcGIS with an Oracle database or one of the supported Oracle database service offerings. If you need to know the privileges required to use a geodatabase, see Privileges for geodatabases in Oracle.
The following table lists three groups of users and the minimum privileges they require to query, edit, or create data from ArcGIS.
Type of user | Required privileges | Purpose |
---|---|---|
Data viewer | CREATE SESSION | This privilege allows users to connect to the database. |
SELECT on other users' tables | Data viewers must have the SELECT privilege on specific tables you want them to query. | |
Data editor* Data editors require the same privileges as data viewers, plus these additional privileges. | INSERT, UPDATE, DELETE on other users' tables | Grant the editing operations you want editors to perform on specific tables. You can grant any combination of INSERT, UPDATE, and DELETE privileges depending on what editors need to do. Therefore, you can create multiple editor groups and grant the appropriate privileges to each. For example, you can have a full_edit group that has all three privileges plus SELECT on the tables group members need to edit and an updates_only group that has only SELECT and UPDATE privileges on the tables members need to edit. |
Data creator | CREATE SESSION | This privilege allows users to connect to the database. |
| These privileges allow data creators to create tables and feature classes in the database and populate Object ID fields. |
*To edit data, publish editable web feature layers that reference the data in your Oracle database.
If data creators will create views to restrict the amount of data returned to the ArcGIS client from the database, also grant them the CREATE VIEW permission. If you require that data creators be able to delete the objects they create, grant them the following additional privileges:
- DROP VIEW
- DROP TABLE
Tip:
ArcGIS Insights may require additional privileges. See Required database privileges in the ArcGIS Insights help for more information.