RE: auto grant select

  • From: "Baumgartel, Paul" <paul.baumgartel@xxxxxxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Wed, 29 Nov 2006 20:47:31 -0000

I'm surprised to hear an experienced DBA say this.


Here are a couple of (OK, three) good reasons:

--The principle of least privilege says "grant only what is necessary to get 
the job done".
--In many shops, there are security standards that forbid granting "select any 
table" to non-DBA accounts, and doing so raises a violation (this is the case 
where I work, for example).
--Everyone who has access to the u2 account may not be authorized to see all 
data in the database.  

Paul Baumgartel
CREDIT SUISSE
Information Technology
DBA & Admin - NY, KIGA 1
11 Madison Avenue
New York, NY 10010
USA
Phone 212.538.1143
paul.baumgartel@xxxxxxxxxxxxxxxxx
www.credit-suisse.com



-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of bill thater
Sent: Wednesday, November 29, 2006 3:37 PM
To: kevin.lidh@xxxxxxxxx
Cc: toth.istvan@xxxxxxx; oracle-l@xxxxxxxxxxxxx
Subject: Re: auto grant select


am i missing something here?  why can't you just grant select any table to u2?


-- 
--
Bill "Shrek" Thater     ORACLE DBA
       shrekdba@xxxxxxxxx
------------------------------------------------------------------------
All the girls say
Save a horse, ride a cowboy
--
//www.freelists.org/webpage/oracle-l
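
The least-privilege alternative argued for in the reply above, as an added example that is not part of the original thread: a check for existing `SELECT ANY TABLE` grants, followed by per-table grants through a role. The schema owner `U1` and the role name `U1_READ` are assumptions; only the `u2` account appears in the thread.

```sql
-- Added example (Oracle SQL and PL/SQL, run as a DBA).
-- U1 (schema owner) and U1_READ (role) are hypothetical names.

-- 1. Audit: direct holders of SELECT ANY TABLE outside the DBA population.
--    Grantees can be users or roles; any built-in role listed needs the same review.
SELECT sp.grantee, sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.privilege = 'SELECT ANY TABLE'
AND    sp.grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
AND    sp.grantee NOT IN (SELECT rp.grantee
                          FROM   dba_role_privs rp
                          WHERE  rp.granted_role = 'DBA')
ORDER  BY sp.grantee;

-- 2. Grant only what is needed: SELECT on each table in one schema,
--    collected in a role so that access can be reviewed and revoked in one place.
CREATE ROLE u1_read;

BEGIN
  FOR t IN (SELECT owner, table_name
            FROM   dba_tables
            WHERE  owner   = 'U1'
            AND    dropped = 'NO'                            -- skip recycle bin entries
            AND    nested  = 'NO'                            -- nested storage tables cannot be granted
            AND    (iot_type IS NULL OR iot_type = 'IOT'))   -- skip IOT overflow segments
  LOOP
    -- ENQUOTE_NAME quotes each identifier, so an unusual table name
    -- cannot alter the generated GRANT statement.
    EXECUTE IMMEDIATE 'GRANT SELECT ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE) || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO u1_read';
  END LOOP;
END;
/

GRANT u1_read TO u2;

-- 3. Verify what the role can actually read.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'U1_READ'
ORDER  BY owner, table_name;
```

Tables created in `U1` after the block runs are not covered until it is run again. Privileges received through a role are not active inside definer's-rights stored PL/SQL, so code owned by `U2` that reads these tables needs direct object grants instead.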



