Re: select_catalog_role granted to newly created user named 'T' with create session privilege does not select data from dba_users

From: Kurt Franke <Kurt-Franke_at_web.de>
Date: Fri, 04 Dec 2009 22:24:32 +0100
Message-Id: <1350914444_at_web.de>

Hi,

> I'm on 11.2.0.1 on OEL5.3
>
> O7_DICTIONARY_ACCESSIBILITY is set to FALSE. I created a new user
> named 'T' and granted 'create session' privileges to 'T'. I also have
> another user named 'SCOTT' and a table named 'EMP' under this schema.
> With 'select any table' privilege granted to 'T' as user 'system', I
> am able to select data from scott.emp as user 'T' but I am unable to
> view DBA_USERS (which is obvious since O7_DICTIONARY_ACCESSIBILITY is
> set to FALSE). Then I revoke 'select any table' from 'T' and grant
> 'select_catalog_role' as user 'system' to 'T'. I expect to view data
> from dba_users but this does not happen. I get table or view does not
> exist. What am I doing wrong here? Thanks in advance.

the system privilege SELECT ANY DICTIONARY is your friend.

of course you may create a special role holding it if it is not ok to grant it directly to a user.

regards

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Dec 04 2009 - 15:24:32 CST

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message