Immutable privileges

Unlike regular privileges, immutable privileges cannot be added or removed by a user who merely holds privilege management privileges. They can only be administered when auth is disabled, that is, when the configuration setting dbms.security.auth_enabled is set to false.

When to use immutable privileges

Immutable privileges are useful for restricting the actions of users who can administer privileges.

For example, you may want to prevent all users from performing Database Management, even the admin user (who is themselves able to add or remove privileges). To do so, you could run:

DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC

However, this would not be adequate on its own, because the admin user could subsequently run this:

REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC

They would effectively regain Database Management privileges. Instead, run the following query to prevent this scenario:

DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC

How to administer immutable privileges

Immutable privileges can only be administered when auth is disabled, that is, when the configuration setting dbms.security.auth_enabled is set to false. Under these conditions, immutable privileges can be added and removed in the same manner as regular privileges, using the IMMUTABLE keyword.
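The following sequence ties the two sections above together: it applies the immutable DENY while auth is disabled, verifies it was recorded as immutable, and shows what an admin can and cannot do once auth is back on. This is an added illustration, not a query set from the Neo4j documentation; the SHOW PRIVILEGES column names and the REVOKE IMMUTABLE DENY form are assumed from the Neo4j 5 syntax, so confirm them against Managing Privileges for your version.

```cypher
// Step 1 (outside Cypher): set dbms.security.auth_enabled=false in neo4j.conf
// and restart, so that immutable privileges can be administered.

// Step 2: block Database Management for everyone, immutably. PUBLIC is a role
// every user holds, so this reaches the admin user as well.
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC;

// Step 3: check that the privilege was stored as immutable before re-enabling
// auth. Assumes the Neo4j 5 SHOW PRIVILEGES output, which carries an
// `immutable` boolean column alongside role, access and action.
SHOW PRIVILEGES YIELD role, access, action, immutable
WHERE role = 'PUBLIC' AND immutable
RETURN role, access, action, immutable;

// Step 4 (outside Cypher): set dbms.security.auth_enabled=true and restart.

// Step 5: with auth enabled, privilege management rights are not enough.
// A plain REVOKE, as in the scenario above, leaves the immutable DENY in place:
REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;

// and an explicit attempt to remove the immutable privilege is rejected
// (assumed REVOKE IMMUTABLE form); removing it requires disabling auth again.
REVOKE IMMUTABLE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;
```

Re-run the SHOW PRIVILEGES query after Step 5 to confirm the immutable DENY still exists; that check, not the absence of an error, is the evidence that the restriction held.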

See the Immutable privileges tutorial for examples of how to administer immutable privileges.

See Managing Privileges for more detail on syntax.