SQL show parameter dict NAME TYPE VALUE ------------------------------------ ----------- ------------------------- O7_DICTIONARY_ACCESSIBILITY boolean FALSE ---------缺省为false ----设置为true后普通用户拥有 select any table 权限的就可以访

SQL> show parameter dict

NAME TYPE VALUE
------------------------------------ ----------- -------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE ---------缺省为false

----设置为true后普通用户拥有 select any table 权限的就可以访问 sys schema了
SQL> alter system set O7_DICTIONARY_A【本文来自鸿网互联 (http://www.68idc.cn)】CCESSIBILITY=true scope=spfile

O7_DICTIONARY_ACCESSIBILITY 会控制普通用无法直接访问sys schema

FYI：

O7_DICTIONARY_ACCESSIBILITY

O7_DICTIONARY_ACCESSIBILITY controls restrictions on SYSTEM privileges. If the parameter is set to true, access to objects in the SYS schema is allowed (Oracle7 behavior). The default setting of false ensures that system privileges that allow access to objects in "any schema" do not allow access to objects in the SYSschema.

For example, if O7_DICTIONARY_ACCESSIBILITY is set to false, then the SELECT ANY TABLE privilege allows access to views or tables in any schema except the SYSschema (data dictionary tables cannot be accessed). If O7_DICTIONARY_ACCESSIBILITY is set to false, then to access objects in the SYS schema, the user should have SELECT ANY DICTIONARY system privilege or the user should have been granted SELECT object privilege on the specific objects. The system privilegeEXECUTE ANY PROCEDURE allows access on the procedures in any schema except the SYS schema.

If this parameter is set to false and you need to access objects in the SYS schema, then you must be granted explicit object privileges. The following roles, which can be granted to the database administrator, also allow access to dictionary objects:

select_catalog_role

EXECUTE_CATALOG_ROLE

DELETE_CATALOG_ROLE


达芬奇
达芬奇——你的AI创作大师
144
查看详情