Here, I explain about 'select_catalog_role' and 'select any dictionary' privileges and the difference between them.
SQL> show user;
User is "scott"
SQL> select * from dba_objects where rownum<=1;
select * from dba_objects where rownum<=1
ORA-00942: table or view does not exist
SQL> select * from v$session where rownum<=1;
select * from v$session where rownum<=1
ORA-00942: table or view does not exist
Above, SCOTT was not able to access sys schema views (v$session, dba_objects)
SQL> conn system/YYYY@orcl
Connected to Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
Connected as system
SQL> show user
User is "system"
SQL> grant select_catalog_role to scott;
Grant succeeded
[from scott schema]
SQL> select count(*) from v$session;
COUNT(*)
----------
44
SQL> select count(*) from dba_objects;
COUNT(*)
----------
72517
Now, scott is able to access sys schema views.
So, select_catalog_role grants user to select sys schema views (only views, no other objects like table)
[from scott schema]
SQL> select count(*) from sys.OBJ$;
select count(*) from OBJ$
ORA-00942: table or view does not exist
scott is not able to access sys schema objects
[from system schema]
SQL> revoke select_catalog_role from scott;
Revoke succeeded
SQL> grant select any dictionary to scott;
Grant succeeded
[from scott schema]
SQL> select count(*) from v$session;
COUNT(*)
----------
45
SQL> select count(*) from sys.obj$;
COUNT(*)
----------
73425
So, SCOTT is able to select rows from sys schema views and tables
So, the conclusion is,
'select_catalog_role' provides access to all SYS schema views only
'select any dictinaly' provides access to all SYS schema objects (views and tables etc..)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment