Posted by Lets say I’ve been reading about schema separation, and thus I am going to have a schema which owns all of my objects, which I’ll call APP_OWNER, which will have no connection privilege and a separate schema called APP_ADMIN which will take care of all of the DDL tasks.
Here’s my setup:
SQL> create user app_owner identified by app_owner;
User created.
SQL> grant
2 create session,
3 create any table,
4 create any sequence,
5 to app_admin identified by app_admin;
Grant succeeded.
I have granted APP_ADMIN the ability to create tables in any schema, and create sequences in any schema. I did the latter, because I know that if I use the “IDENTITY” clause for a column, then behind the scenes I’ll be creating a sequence to populate those ascending values. So it looks like I am ready to go and create my objects. Let’s create that first table
SQL> conn app_admin/app_admin
Connected.
SQL> create table app_owner.t(pk integer generated always as identity);
create table app_owner.t(pk integer generated always as identity)
*
ERROR at line 1:
ORA-01031: insufficient privileges
Hmmm….that is not what we were expecting. It turns out that to create an identity column in another schema you need more than just CREATE ANY SEQUENCE. You also need SELECT ANY SEQUENCE.
SQL> conn / as sysdba
Connected.
SQL> grant
2 create session,
3 create any table,
4 create any sequence,
5 select any sequence
6 to app_admin identified by app_admin;
Grant succeeded.
SQL> conn app_admin/app_admin
Connected.
SQL> create table app_owner.t(pk integer generated always as identity);
Table created.
And there we go 
Footnote: If you’ve never seen the syntax “grant to identified by ” it is a quick shortcut to both create the user account and assign privileges in a single command
Learning is not a spectator sport 
Sensacional, obrigado pela dica! Funcionou pra mim. Abcs!