Immutable privileges
Unlike regular privileges, holding privilege management privileges is not sufficient to add or remove immutable privileges. They can only be administered when auth is disabled, that is, when the configuration setting dbms.security.auth_enabled is set to false.
When to use immutable privileges
Immutable privileges are useful for restricting the actions of users who can themselves administer privileges.
For example, you may want to prevent all users from performing Database Management, including the admin user (who is otherwise able to add or remove privileges).
To do so, you could run:
DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC
However, this alone is not adequate. If the admin user subsequently runs:
REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC
they effectively regain Database Management privileges, because the DENY was a regular privilege that any privilege administrator can remove. Instead, run the following to prevent this scenario:
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC
Because the privilege is immutable, it cannot be revoked while auth is enabled, regardless of who attempts it.
How to administer immutable privileges
Immutable privileges can only be administered when auth is disabled, for example by setting the configuration setting dbms.security.auth_enabled to false.
Under these conditions, immutable privileges can be added and removed in the same manner as regular privileges, using the IMMUTABLE keyword in the GRANT, DENY or REVOKE command.
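The following walk-through ties the Database Management scenario above to the administration procedure. It is an added example, not a statement sequence from the Neo4j documentation. It assumes a Neo4j 5 DBMS, that dbms.security.auth_enabled is a static setting toggled in neo4j.conf between restarts, and that the REVOKE ... IMMUTABLE form and the SHOW PRIVILEGES AS COMMANDS filter follow the general syntax described under Managing Privileges; no output shown in comments is taken from the page.

```cypher
// Added example, not from the original page. Assumes a Neo4j 5 DBMS and the
// GRANT/DENY/REVOKE/SHOW syntax documented under Managing Privileges.

// Step 1 (auth enabled): a regular DENY. Any user holding privilege
// management privileges, such as admin, can undo it.
DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC;

// Check what was recorded; the entry renders as a plain DENY command.
SHOW PRIVILEGES AS COMMANDS WHERE command CONTAINS 'DATABASE MANAGEMENT';

// admin removes it and Database Management is available again.
REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;

// Step 2: stop the DBMS, set dbms.security.auth_enabled=false in neo4j.conf,
// start it, and add the immutable privilege.
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC;

// Step 3: stop the DBMS, restore dbms.security.auth_enabled=true, start it.
// With auth enabled this revoke is rejected even for admin; the immutable
// DENY stays in force (assumed REVOKE form, see Managing Privileges).
REVOKE DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS FROM PUBLIC;

// Verify the immutable entry is still present.
SHOW PRIVILEGES AS COMMANDS WHERE command CONTAINS 'IMMUTABLE';

// Step 4: the same REVOKE only succeeds after auth has been disabled again
// (repeat the neo4j.conf change and restart from step 2).
```

While auth is disabled, anyone who can reach the DBMS has unrestricted access, so perform steps 2 and 4 on an instance that is not reachable from untrusted networks, keep the window short, and confirm with SHOW PRIVILEGES AS COMMANDS after re-enabling auth that only the intended immutable entries exist.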
See the Immutable privileges tutorial for examples of how to administer immutable privileges.
See Managing Privileges for more detail on syntax.