I have setup a database for some dev work: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0
I created a user/schema YERPGL and defined some tables.
I work in a PDB named SIDPDB created in the master-DB.
I connect with a session as user YERPGL. Here I see the tables in that schema.
select * from user_tables; -- show all tables owned by a user
that's fine.
Then ...
select owner, table_name, status, num_rows, table_lock from dba_tables;
ORA-00942: Tabelle oder View nicht vorhanden
00942. 00000 - "table or view does not exist"
that's fine too. The user does not have any priviledges, but create sessions.
But to my suprise, this shows all the tables, as it would be expected with a priviledged DBA_TABLES access:
select * from all_tables; -- show all tables a user can access
Even worse, eg.:
select * from sys.audit_actions;
list all those data in all their glory.
It looks like visibility is not constrained at all for any such unprivileged user.
There are almost no privileges.
SELECT 'dba_sys_privs' src, s.PRIVILEGE
FROM sys.dba_sys_privs s
WHERE grantee = 'YERPGL'
UNION
SELECT 'dba_role_privs' src, PRIVILEGE
FROM dba_role_privs rp JOIN role_sys_privs rsp ON (rp.granted_role = rsp.role)
WHERE rp.grantee = 'YERPGL'
ORDER BY 1;
shows just given dba_sys_privs CREATE SESSION
This shoulded happen! What am I missing here?