You should never give out full access to facilities without special need. In order not to give out too much, I always start distributing rights with the permission of only data sampling, i.e. execution of the SELECT query. If the user really needs to insert new records and is unable to perform the tasks assigned to him, then we add the INSERT permission to a certain table.
The most dangerous operations for data are modification and deletion, i.e. UPDATE and DELETE respectively. The distribution of these rights should be approached even more carefully. Make sure that the data can indeed be modified or deleted and only then assign the appropriate rights. Some tables, by their nature, should only be replenished.You should also make sure that the data will be exposed frequently enough. For example, an employee table in an organization can be replenished and changed, but never a single entry should be deleted. Deletion can affect the history of employees in the organization, reporting and data integrity.
Yes, it is possible that a Human Resources employee accidentally creates an extra entry and wants to delete it, but such cases are rare and the error correction can be entrusted to the database administrator. We understand that nobody wants to do unnecessary work and it is easier to give permission, but security is more expensive.
Permissions are granted by the GRANT operator. In general, it looks like this: GRANT what to grant ON rights to TO objects TO users or roles
Which roles are already given to the user can be easily seen with the help of SQL Navigator. In version 4.4 for this database performance purpose in the object tree we select the Users/username section. Here https://www.sqlsplus.com you will see the Object Privileges section, which contains all the actions allowed to the user.