Well, there is no way around this if they need to use OEM. I would try to discourage this usage. If not, only give them SELECT ANY DICTIONARY and select_catalog_role, not oem_manager - this will give them read-only access. There is also the issue of access to the password hash in DBA_USERS, but that is an altogether different topic that is sure to start a wild fire. -- Ron Reidy Lead DBA Array BioPharma, Inc. -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Fred Smith Sent: Monday, October 17, 2005 12:59 PM To: oracle-l@xxxxxxxxxxxxx Subject: Select any dictionary role Hello all, Just wanted to get your thoughts ... is there any "danger" to granting developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't particulary need such "open" access, however tools such as OEM require it for login apparently). Thanks for the multiple $0.02! -Fred S. _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- //www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. -- //www.freelists.org/webpage/oracle-l