Hello Experts,
I am having this question: Why there are EXECUTE privileges on some objects (packages, types, etc) granted to role SELECT_CATALOG_ROLE? Shouldn't there be only SELECT privileges in this role?
I googled around but could not find answer so that it is why I am asking here. I am sure there is good explanation but I would like to know it.
Below is what I am referring to. Also, I checked in both Oracle 11.2 and Oracle 12c (there are some differences). I have them installed on Solaris (not sure if it matters at all) - So here is how it looks in Oracle 12.1.0.2.0 -
| GRANTEE | OWNER | TABLE_NAME | GRANTOR | PRIVILEGE | GRANTABLE | HIERARCHY | COMMON | TYPE |
|---|
| SELECT_CATALOG_ROLE | SYS | PSTDY_DATAPUMP_SUPPORT | SYS | EXECUTE | NO | NO | YES | PACKAGE |
| SELECT_CATALOG_ROLE | SYS | LOGSTDBY$UTABF | SYS | EXECUTE | NO | NO | YES | FUNCTION |
| SELECT_CATALOG_ROLE | SYS | LOGSTDBY$TABF | SYS | EXECUTE | NO | NO | YES | FUNCTION |
| SELECT_CATALOG_ROLE | SYS | DBMS_RCVMAN | SYS | EXECUTE | NO | NO | YES | PACKAGE |
| SELECT_CATALOG_ROLE | SYS | KU$_MONITOR_T | SYS | EXECUTE | NO | NO | YES | TYPE |
| SELECT_CATALOG_ROLE | SYS | DBMS_SCHED_ARGUMENT_IMPORT | SYS | EXECUTE | NO | NO | YES | PACKAGE |
| SELECT_CATALOG_ROLE | ORDSYS | ORDIMDPCALLOUTS | ORDSYS | EXECUTE | NO | NO | YES | PACKAGE |
If I want to grant to a user the read-only access to Data Dictionary tables owned by SYS and read-only access to Performance views, what can I use instead of SELECT_CATALOG_VIEW? The goal is this user to not have any execute privilege on anything owned by system users.