Here is what I do not like. If you give someone the ability to select any dictionary, a user has the necessary privs to select trigger information from dba_objects, but not all_objects. That seems a bit backwards. If security were such a big concern, why allow access to dba_objects instead of all_objects? Why not just make a private synonym for dba_objects called all_objects? =) DBARMAN_SQL > grant create session, select any dictionary to test identified by test; Grant succeeded. DBARMAN_SQL > connect test/test Connected. DBARMAN_SQL > select count(*) from all_objects where object_type = 'TRIGGER'; COUNT(*) ---------- 0 DBARMAN_SQL > select count(*) From dba_objects where object_type = 'TRIGGER'; COUNT(*) ---------- 4 On 10/29/07, Powell, Mark D <mark.powell@xxxxxxx> wrote: > > Security. By default on the owner and DBA's can see trigger (and also > package body) source. > > Triggers are often used for auditing. If you can see what the trigger > does then you can write the DML to remove the generated trail. > > There are ways to provide access to source code without granting DBA or > ANY privileges. For developers we provide a modified version of the > user_source view that we then grant select on. > > -- Mark D Powell -- > Phone (313) 592-5148 > -- Charles Schultz