Skip to Content
avatar image
Former Member

Data dictionary tables

Hi,

Given below scenario:

O7_DICTIONARY_ACCESSIBILITY = TRUE, must be set to FALSE

Possible Solution: Make it false.

Outcome: User accounts with "SELECT ANY TABLE" privilege currently has select access to tables of all other schemas along with all data dictionary tables.

By making it false user accounts will continue to have access to other application schemas but not data dictionary tables?

Please advise.

Thank you in advance for your inputs on this matter.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Nov 04, 2009 at 02:54 PM

    Hello,

    07_DICTIONARY_ACCESSIBILITY controls restrictions on SYSTEM privileges. If the parameter is set to true, access to objects in the SYS schema is allowed.

    If this parameter is set to false and you need to access objects in the SYS schema, then you must be granted explicit object privileges.

    Check: http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams134.htm

    Madhu

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 04, 2009 at 03:21 PM

    Refer to sap note 830576 and DO NOT SET parameter O7_DICTIONARY_ACCESSIBILITY

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 04, 2009 at 07:02 PM

    Hello ,

    Plz dont concentrate much on the parameter ...let that be

    with the default value (ie) TRUE.just check the user accounts

    and verify whether they have any other roles attached other

    than "SELECT ANY TABLE".this role allows users access to tables

    in any schema..but they will not have access to SYS tables.

    one more thing plz state what is the thing which you want to set

    to user accounts???.

    Regards,

    Manjula.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      > Plz dont concentrate much on the parameter

      agree

      > ...let that be with the default value

      yes and no.

      do as Eric mentioned.

      Go to the SAP Note that indicate you how to set the oracle parameters in a SAP installation and DO what the note mentions.

      In this case (assuming that you are in 10g) the note 830576 do not have any recommendation, therefore do NOT set it unless you have a very good reason to set it.

      The default value for this parameter in 10g is FALSE that should be the standard value in a SAP environment.

      As you should only have the SAP db user with the SAPCONN role (834917), it will be able to access any table that he is supposed to access (and the SYS tables are out of the list)