tag:blogger.com,1999:blog-4096575.post5469095606249510975..comments2024-03-18T02:14:37.994-04:00Comments on The Arup Nanda Blog: Difference between Select Any Dictionary and Select_Catalog_RoleArup Nandahttp://www.blogger.com/profile/03392706779349258765noreply@blogger.comBlogger18125tag:blogger.com,1999:blog-4096575.post-61115190106056537752023-10-25T12:35:21.666-04:002023-10-25T12:35:21.666-04:00Good information, I remember that in SQL classes a...Good information, I remember that in SQL classes at the university there were several ways to do a SELECT.<br /><br /><br /><br /><br />___________________________________<br />I work in <a href="https://factored.ai/geospatial-analytics-hidden-power/" rel="nofollow">geospatial analytics</a>.Edwardhttps://www.blogger.com/profile/16207897155711243557noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-85272338112817086232020-12-07T05:04:42.532-05:002020-12-07T05:04:42.532-05:00Thanks for this vital information through your web...Thanks for this vital information through your website. I would like to thank you for the efforts you had made for writing this awesome article.HP Printer Error Code E3http://www.printercustomerservice.co/blog/hp-printer-error-code-e3/noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-3817783372877595882020-08-07T19:45:19.296-04:002020-08-07T19:45:19.296-04:00I can't believe I can earn money weekly from t...I can't believe I can earn money weekly from trading , this is amazing , and all this is from the effort of a company called skylink technology whom I met online and help me out in trading and gave me good tips about trading physiology... indeed skylink technology is a bitcoin/binary forex experts and company and I won't stop thanking them and sharing my testimony until am fully satisfied...... Interested traders should free free to contact mail: skylinktechnes@yahoo.com or whatsapp/telegram: +1(213)785-1553 Anonymoushttps://www.blogger.com/profile/01804304680311897628noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-84052037439301114612019-06-22T01:57:58.509-04:002019-06-22T01:57:58.509-04:00Good information and it is very useful
Sanjary Kid...Good information and it is very useful<br />Sanjary Kids is one of the best play school and preschool in Hyderabad,India. The motto of the Sanjary kids is to provide good atmosphere to the kids.Sanjary kids provides programs like Play group,Nursery,Junior KG,Serior KG,and provides Teacher Training Program.We have the both indoor and outdoor activities for your children.We build a strong value foundation for your child on Psychology and Personality development.<br /><a href="http://www.sanjarykids.com/" rel="nofollow">Preschool in hyderabad</a>kirankumarhttps://www.blogger.com/profile/13908876941130995055noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-53491084043539066012019-06-21T03:50:54.594-04:002019-06-21T03:50:54.594-04:00This comment has been removed by the author.kirankumarhttps://www.blogger.com/profile/13908876941130995055noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-32772116848873622192012-12-07T15:09:52.754-05:002012-12-07T15:09:52.754-05:00@Petr - thanks for your comments.
The sentence yo...@Petr - thanks for your comments.<br /><br />The sentence you are referring to explains the impact on the object creation. So, assung that a user has create view, procedure or some other object creation privilege, without the explicit grant on objects referenced to the user, it will not be possible to create objects. Select Any Dictionary allows that without explicit grants on the system objects to the user. The role does not allow that. The privilege Select Any Dictionary does not let the user create objects.Arup Nandahttps://www.blogger.com/profile/03392706779349258765noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-72889437756729868972012-12-07T04:02:18.414-05:002012-12-07T04:02:18.414-05:00Good arcticle. I am only little confused from sent...Good arcticle. I am only little confused from sentence: <br /><br />"So while both the privileges allow the users to select from v$datafile, the role does not allow the users to create objects; the system privilege does."<br /><br />Which object is possible to create through privilege "select any dictionary"?Anonymoushttps://www.blogger.com/profile/09131504028025315409noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-59886147102619679822011-09-13T09:02:32.513-04:002011-09-13T09:02:32.513-04:00@Pieraldo I stand corrected. Yes, it's a SQL ...@Pieraldo I stand corrected. Yes, it's a SQL command. All SET commands are SQL*Plus, except a few like this. Thanks for pointing it out.Arup Nandahttps://www.blogger.com/profile/03392706779349258765noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-54896384445341186482011-09-10T16:59:36.439-04:002011-09-10T16:59:36.439-04:00Hi Arup,
One more clarification. You stated that
...Hi Arup,<br /><br />One more clarification. You stated that<br />"The SET ROLE command is an SQL*Plus command. To call it from SQL, use this..."<br /><br />The SET ROLE is an SQL Command, not an SQL*Plus command<br /><br />Cheers,<br /><br />Pieraldo AntonelloAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-82889078135039318852011-08-11T23:22:39.034-04:002011-08-11T23:22:39.034-04:00Very well explained. Thank you.Very well explained. Thank you.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-947692367268334292011-08-11T07:34:10.219-04:002011-08-11T07:34:10.219-04:00I wrote a little column in my blog which shows the...I wrote a little column in my blog which shows the one more difference.<br /><br />http://srikaroracle.blogspot.com/2010/08/select-privileges-on-sys-schema-views.html<br /><br />Regards,<br />SrikarSrikar Dasarinoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-4534947567121047462011-08-11T07:28:38.346-04:002011-08-11T07:28:38.346-04:00Pretty nice. Enjoyed reading it.Pretty nice. Enjoyed reading it.Srikar Dasarinoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-5666233885373225582011-08-11T07:28:10.159-04:002011-08-11T07:28:10.159-04:00Pretty good, enjoyed reading itPretty good, enjoyed reading itSrikar Dasarinoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-35398644875507763042011-08-02T02:03:17.389-04:002011-08-02T02:03:17.389-04:00HI
I am a newbee to oracle apps ,its realy great t...HI<br />I am a newbee to oracle apps ,its realy great to get your blog about the dictionary and catlogue role...<br />Regards<br /><br /><a href="http://www.suneratech.com" rel="nofollow">oracle fussion middleware</a>kamilinihttps://www.blogger.com/profile/12883006964853561048noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-14990417782450864192011-07-28T03:54:16.640-04:002011-07-28T03:54:16.640-04:00Hi Arup,
You can extend the demo further with
&q...Hi Arup,<br /><br />You can extend the demo further with <br />"O7_DICTIONARY_ACCESSIBILITY" and "SELECT_CATALOG_ROLE". It would slight information added for reference who wants to understand effect of parameter since from Oracle version 7.<br /><br />- Pavan Kumar NAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4096575.post-89548873534412890432011-07-25T07:42:30.181-04:002011-07-25T07:42:30.181-04:00Pavel and Randolph - yes, that's another impo...Pavel and Randolph - yes, that's another important difference as well. Thank you for your comment and reference to Pavel's blog entry.Arup Nandahttps://www.blogger.com/profile/03392706779349258765noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-84498517464795145062011-07-25T06:08:29.010-04:002011-07-25T06:08:29.010-04:00Hi Arup,
as already indicated by the previous com...Hi Arup,<br /><br />as already indicated by the previous comment, there is a significant difference between the SELECT ANY DICTIONARY system privilege and the SELECT_CATALOG_ROLE apart from what you've described:<br /><br />The SELECT ANY DICTIONARY system privilege allows to query all dictionary tables owned by SYS, e.g. SYS.TAB$, SYS.USER$ etc.<br /><br />This is not possible when using the role - so this is another thing to consider.<br /><br />RandolfRandolfhttps://www.blogger.com/profile/13463198440639982695noreply@blogger.comtag:blogger.com,1999:blog-4096575.post-26496262890384628272011-07-25T00:38:13.489-04:002011-07-25T00:38:13.489-04:00Arup
It is all nice.. but I guess you did not ment...Arup<br />It is all nice.. but I guess you did not mention one important difference between these two roles or maybe an important security related implication of the inherent differences.<br /><br />The important difference between SELECT_CATALOG_ROLE and SELECT ANY DICTIONARY system privilege is about who can and who cannot see user password hashes. This difference is important only in context of Oracle 11g. More details can be found for example here:<br />http://jhdba.wordpress.com/2010/01/04/the-need-to-ensure-that-hashed-password-values-are-safe/<br /><br />In Oracle 10g (and before), the password hash is visible via dba_users view and there is no difference between the two. In 11g+, this has been removed and it is visible only in SYS owned SYS.USER$ table.<br /><br />My personal conclusion:<br />1. If access to data dictionary is required for non-privileged db accounts, SELECT_CATALOG_ROLE should be used instead of SELECT ANY DICTIONARY system privilege for 11g+ to prevent exposure of password hashes.<br />2. Special caution should be taken in case of infrastructural “non-privileged” accounts (license management tools, ad-hoc monitoring tools etc.) as these might pose particular risk given “company wide” deployment scope.<br /><br />PavelPavel Ruzickahttps://www.blogger.com/profile/04746480312675833301noreply@blogger.com