After the select any table permission is granted, the TABLE of the sys user cannot be accessed.
SQL> show parameter dict
NAME TYPE VALUE
------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE --------- default value: false ---- if this parameter is set to true, normal users with select any table permission can access sys schema.
SQL> alter system set O7_DICTIONARY_ACCESSIBILITY = true scope = spfile
O7_DICTIONARY_ACCESSIBILITY controls that common users cannot directly access sys schema
FYI: O7_DICTIONARY_ACCESSIBILITY
Property |
Description |
Parameter type |
Boolean |
Default value |
false |
Modifiable |
No |
Range of values |
true | false |
O7_DICTIONARY_ACCESSIBILITY
Controls restrictions onSYSTEM
Privileges. If the parameter is settrue
, Access to objects inSYS
Schema is allowed (Oracle7 behavior). The default settingfalse
Ensures that system privileges that allow access to objects in "any schema" do not allow access to objects inSYS
Schema.
For example, ifO7_DICTIONARY_ACCESSIBILITY
Is setfalse
, ThenSELECT ANY TABLE
Privilege allows access to views or tables in any schema does notSYS
Schema (data dictionary tables cannot be accessed). If O7_DICTIONARY_ACCESSIBILITY is setfalse
, Then to access objects inSYS
Schema, the user shoshould haveSELECT ANY DICTIONARY
System privilege or the user shoshould have been grantedSELECT
Object privilege on the specific objects. The system privilegeEXECUTE ANY PROCEDURE
Allows access on the procedures in any schema doesn'tSYS
Schema.
If this parameter is setfalse
And you need to access objects inSYS
Schema, then you must be granted explicit object privileges. The following roles, which can be granted to the database administrator, also allow access to dictionary objects:
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
DELETE_CATALOG_ROLE