RE: Security issues in granting v$view select privileges

From: Walker, Jed S <>
Date: Sat, 20 Nov 2010 19:31:38 +0000
Message-ID: <>

Let me clarify. We aren't opposed to giving out the access, in fact, we believe it will be very beneficial. What we want to figure out is if there are any things in there we shouldn't be granting out.

From: [] On Behalf Of Rumpi Gravenstein Sent: Saturday, November 20, 2010 11:52 AM To: oracle-l-freelists
Subject: Fwd: Security issues in granting v$view select privileges

  • Forwarded message ---------- From: Rumpi Gravenstein <<>> Date: Sat, Nov 20, 2010 at 1:50 PM Subject: Re: Security issues in granting v$view select privileges To:<>


select access to all v$views for troubleshooting purposes. </snip>

My v$view is that if you want good systems, developers need to see what is going on. One does that best with access to the v$ views. If your worried about improper use in production then you should do a dependency audit prior to moving an application to production. If the problem is that development is not good at checking for this type of thing, then that issue should be addressed directly with development.

There are many examples where the v$views are helpful, for instance with code instrumentation. That instrumentation is expressed in calls to the the dbms_application_info package and then seen in the v$session view. If developers don't have access to this view one can't expect code to be instrumented. There are many other views (wait state, plan, etc.) that a good developer will want.

You should be encouraged that your developers want this type of access. The alternative is an environment where "duhvelopers" thrive.


Rumpi Gravenstein


Rumpi Gravenstein

-- Received on Sat Nov 20 2010 - 13:31:38 CST

Original text of this message