I think it was Mr. Finnigan that pointed out on this list once that if you create a database link like this: create database link MY_LINK connect to SOME_USER identified by SOME_USER_PASSWORD using 'tns_alias' ; Then a user with 'SELECT ANY DICTIONARY' would be able to see the password in clear text with this query: select * from sys.link$ ; From an Oracle 9.2 database SQL> create database link X.Y.Z 2 connect to SOME_USER identified by SOME_USER_PASSWORD 3 using 'tns_alias' ; Lien de base de données créé. SQL> select userid, password from sys.link$ where name = 'X.Y.Z' ; USERID PASSWORD ------------------------------ ------------------------------ SOME_USER SOME_USER_PASSWORD SQL> -----Message d'origine----- De : oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] De la part de Fred Smith Just wanted to get your thoughts ... is there any "danger" to granting developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't particulary need such "open" access, however tools such as OEM require it for login apparently). -- //www.freelists.org/webpage/oracle-l