Privilege escalation attacks exploit a bug or design flaw in a software application to gain access to resources that are normally protected from an application or user. The result is that the application allows actions with privileges beyond the acceptable level for that user. Privileges should never be assigned directly to users, only to roles or groups of which the users are members. A primary problem is that most organizations do not know, and cannot document, who has access to sensitive data on an enterprise database system.
Source: https://threatpost.com/escalating-privileges-database-can-wreak-havoc-072710/74263/
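
The two points above (grant only to roles, and be able to document who can reach sensitive data) can be checked mechanically once grants and role memberships are exported from the database. The following is an added example, not code from the source article: it flags privileges granted directly to users and reports each user's effective access through nested roles. All user, role and table names are constructed for illustration, and the export format is an assumption.

```python
from collections import defaultdict

# Constructed sample inventory (assumed export format, not from a real system).
USERS = {"alice", "bob", "carol"}
MEMBERSHIPS = [                      # (member, role); member is a user or a role
    ("alice", "hr_readers"),
    ("bob", "payroll_admins"),
    ("payroll_admins", "hr_readers"),    # nested role
]
GRANTS = [                           # (grantee, privilege, object)
    ("hr_readers", "SELECT", "hr.employees"),
    ("payroll_admins", "UPDATE", "hr.salaries"),
    ("carol", "SELECT", "hr.salaries"),  # direct grant to a user: policy violation
]

def direct_user_grants(grants, users):
    """Grants made straight to a user account instead of to a role."""
    return sorted(g for g in grants if g[0] in users)

def roles_of(principal, memberships):
    """All roles a principal holds, following nested membership (cycle-safe)."""
    parents = defaultdict(set)
    for member, role in memberships:
        parents[member].add(role)
    seen, stack = set(), [principal]
    while stack:
        for role in parents[stack.pop()]:
            if role not in seen:
                seen.add(role)
                stack.append(role)
    return seen

def effective_access(grants, memberships, users):
    """Map each user to {(privilege, object): sorted list of grant sources}."""
    report = {}
    for user in sorted(users):
        holders = roles_of(user, memberships) | {user}
        access = defaultdict(list)
        for grantee, priv, obj in grants:
            if grantee in holders:
                access[(priv, obj)].append("DIRECT" if grantee == user else grantee)
        report[user] = {k: sorted(v) for k, v in access.items()}
    return report

if __name__ == "__main__":
    print("Direct grants to users:", direct_user_grants(GRANTS, USERS))
    for user, access in effective_access(GRANTS, MEMBERSHIPS, USERS).items():
        print(user, access)
```

Every `DIRECT` entry is a grant to move onto a role, and the per-user report is the "who has access to what, and why" record the paragraph says most organizations cannot produce.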