I see no such grant in catqm.sql in 10.2 or 11.2; I expect that this was version 9 behavior and was corrected in later releases to close possible security holes. I do not have a 10.1 installation to check. David Fitzjarrell ________________________________ From: "david@xxxxxxxxxxxxxxxxxxxx" <david@xxxxxxxxxxxxxxxxxxxx> To: oracle-l@xxxxxxxxxxxxx Sent: Wednesday, July 18, 2012 8:31 PM Subject: PUBLIC privileges on XDB$ACL Hey all, I'm trying to track down the source of a overly permissive privilege issue on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it seems catqm.sql (or one of its sub-scripts) executed "grant all on XDB.XDB$ACL to public" Current version of Oracle don't, but I'm trying to work out if earlier or later versions also did this too. Any help would be very much appreciated! Thanks, David -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l