Hi, Correct, 11.2.0.3 and above removes SELECT_CATALOG_ROLE access through ku$_dblink_view. BECOME USER priv can also be used to select pws as SYS (without SYSDBA). SYS security is an interesting area in general. Cheers, Paul http://www.oracleforensics.com/wordpress/index.php/2012/11/29/sys-security/ -- //www.freelists.org/webpage/oracle-l