What privilege must a user have to access a secure view by definition?