I have two users in Oracle. User1 has "Select any table" privilege. User2 has 1000+ tables and they should not be accessed (selected) by User1 even though he has "Select any table" system privilege. "Select any table" privilege can't be revoked from User1, as User1 is accessing Dictionary tables. I want User1 not to be able to see the tables of User2. I can't give object permissions because the number of tables/views is very large. How do I do that?
Unfortunately, any user with SELECT ANY TABLE can select any table. There is no SELECT ANY TABLE EXCEPT clause. So if you don't want User1 to see User2's tables, you will have to revoke this system privilege from User1. If you still want User1 to be able to access Data Dictionary views, then grant the SELECT_CATALOG_ROLE role to User1. This let's the user only view the Data Dictionary roles without being able to see other schema's tables.
For More Information
- Dozens more answers to tough Oracle questions from Brian Peasland are available.
- The Best Oracle Web Links: tips, tutorials, scripts, and more.
- Have an Oracle or SQL tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
- Ask your technical Oracle and SQL questions -- or help out your peers by answering them -- in our live discussion forums.
- Ask the Experts yourself: Our PL/SQL, database administration and data warehousing gurus are waiting to answer your toughest questions.
Dig Deeper on Oracle database design and architecture
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.