Immutable privileges are useful for restricting the actions of users who can administer privileges. For example, you may want to prevent all users from performing Database Management, even the admin user (who is themselves able to add or remove privileges). To do so, you could run:
DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC
However, this alone would not be adequate: if the admin user subsequently runs
REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC
they would effectively regain Database Management privileges. Instead, run the following query to prevent this scenario:
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC
Immutable privileges can only be administered when auth is disabled, for example when the configuration setting dbms.security.auth_enabled is set to false.
Under these conditions, immutable privileges can be added and removed in a similar manner to regular privileges, using the
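A worked sequence for the scenario above, added here as an example (these are not statements from this page or from the Neo4j tutorial). It assumes Neo4j's documented privilege syntax for the immutable column of SHOW PRIVILEGES and for the REVOKE IMMUTABLE form, and that dbms.security.auth_enabled is toggled between the steps as the comments state:

```cypher
// Step 1: run with dbms.security.auth_enabled=false.
// Add the restriction as an immutable privilege.
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC;

// Confirm it is recorded as immutable. The immutable column and the
// YIELD/WHERE filter are assumed from Neo4j's SHOW PRIVILEGES command.
SHOW PRIVILEGES YIELD access, action, role, immutable
WHERE immutable = true;
// Expected: one DENIED row for role PUBLIC with immutable = true.

// Step 2: auth re-enabled (dbms.security.auth_enabled=true).
// The mutable form an admin could run only addresses ordinary (mutable)
// privileges, so the immutable DENY stays in force.
REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;
SHOW PRIVILEGES YIELD access, action, role, immutable
WHERE immutable = true;
// Expected: the same row is still present.

// The immutable form is rejected while auth is enabled, because immutable
// privileges can only be administered with auth disabled.
REVOKE IMMUTABLE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;

// Step 3: to lift the restriction deliberately, set
// dbms.security.auth_enabled=false again, run the immutable revoke,
// then restore dbms.security.auth_enabled=true.
REVOKE IMMUTABLE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC;
SHOW PRIVILEGES YIELD access, action, role, immutable
WHERE immutable = true;
// Expected: no rows.
```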
See the Immutable privileges tutorial for examples of how to administer immutable privileges.
See Managing Privileges for more detail on syntax.