позволяющий найти пользователей, имеющих доступ
Скрипт who_can_access.sql Питера Финигана (Pete Finnigan), позволяющий найти пользователей, имеющих доступ к этим объектам. Получен отсюда.
who_can_access: Release 1.0.3.0.0 - Production on Thu Apr 20 12:53:15 2006 Copyright (c) 2004 PeteFinnigan.com Limited. All rights reserved.
NAME OF OBJECT TO CHECK [USER_OBJECTS]: dba_users OWNER OF THE OBJECT TO CHECK [USER]: sys OUTPUT METHOD Screen/File [S]: FILE NAME FOR OUTPUT [priv.lst]: OUTPUT DIRECTORY [DIRECTORY or file (/tmp)]: EXCLUDE CERTAIN USERS [N]: USER TO SKIP [TEST%]:
Checking object => SYS.DBA_USERS ====================================================================
Object type is => VIEW (TAB) Privilege => SELECT is granted to => User => CTXSYS (ADM = NO) Role => SELECT_CATALOG_ROLE (ADM = NO) which is granted to => Role => OLAP_USER (ADM = NO) which is granted to => User => SYS (ADM = YES) Role => DBA (ADM = YES) which is granted to => User => ABS (ADM = NO) User => SYS (ADM = YES) User => SYSMAN (ADM = NO) User => YU (ADM = NO) User => ABS_TYPES (ADM = NO) User => SYSTEM (ADM = YES) Role => IMP_FULL_DATABASE (ADM = NO) which is granted to => User => SYS (ADM = YES) Role => DBA (ADM = NO) which is granted to => User => ABS (ADM = NO) User => SYS (ADM = YES) User => SYSMAN (ADM = NO) User => YU (ADM = NO) User => ABS_TYPES (ADM = NO) User => SYSTEM (ADM = YES) Role => OLAP_DBA (ADM = NO) which is granted to => Role => DBA (ADM = NO) which is granted to => User => ABS (ADM = NO) User => SYS (ADM = YES) User => SYSMAN (ADM = NO) User => YU (ADM = NO) User => ABS_TYPES (ADM = NO) User => SYSTEM (ADM = YES) User => OLAPSYS (ADM = NO) User => SYS (ADM = YES) User => SH (ADM = NO) Role => EXP_FULL_DATABASE (ADM = NO) which is granted to => Role => DBA (ADM = NO) which is granted to => User => ABS (ADM = NO) User => SYS (ADM = YES) User => SYSMAN (ADM = NO) User => YU (ADM = NO) User => ABS_TYPES (ADM = NO) User => SYSTEM (ADM = YES) User => SYS (ADM = YES) User => PERFSTAT (ADM = NO) User => SYS (ADM = YES) User => IX (ADM = NO)
Таким образом, можно определить пользователей, получивших права SELECT ANY DICTIONARY или SELECT ANY TABLE.
Привилегия SELECT ANY TABLE работает только в случае, если o7_dictionary_accessibilty=TRUE