Home > Developer > Database Administrator

After the select any table permission is granted, the TABLE of the sys user cannot be accessed.

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

After the select any table permission is granted, the TABLE of the sys user cannot be accessed.
SQL> show parameter dict

NAME TYPE VALUE
------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE --------- default value: false ---- if this parameter is set to true, normal users with select any table permission can access sys schema.
SQL> alter system set O7_DICTIONARY_ACCESSIBILITY = true scope = spfile

O7_DICTIONARY_ACCESSIBILITY controls that common users cannot directly access sys schema


FYI: O7_DICTIONARY_ACCESSIBILITY

Property Description
Parameter type Boolean
Default value false
Modifiable No
Range of values true | false

O7_DICTIONARY_ACCESSIBILITYControls restrictions onSYSTEMPrivileges. If the parameter is settrue, Access to objects inSYSSchema is allowed (Oracle7 behavior). The default settingfalseEnsures that system privileges that allow access to objects in "any schema" do not allow access to objects inSYSSchema.

For example, ifO7_DICTIONARY_ACCESSIBILITYIs setfalse, ThenSELECT ANY TABLEPrivilege allows access to views or tables in any schema does notSYSSchema (data dictionary tables cannot be accessed). If O7_DICTIONARY_ACCESSIBILITY is setfalse, Then to access objects inSYSSchema, the user shoshould haveSELECT ANY DICTIONARYSystem privilege or the user shoshould have been grantedSELECTObject privilege on the specific objects. The system privilegeEXECUTE ANY PROCEDUREAllows access on the procedures in any schema doesn'tSYSSchema.

If this parameter is setfalseAnd you need to access objects inSYSSchema, then you must be granted explicit object privileges. The following roles, which can be granted to the database administrator, also allow access to dictionary objects:

  • SELECT_CATALOG_ROLE

  • EXECUTE_CATALOG_ROLE

  • DELETE_CATALOG_ROLE

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More