My Oracle Support Banner

Can OPA privileges and roles over SYS.USER$ table (SELECT,UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE) be removed? (Doc ID 2522104.1)

Last updated on FEBRUARY 21, 2023

Applies to:

Oracle Clinical - Version 4.6.5 and later
Information in this document applies to any platform.


OPA account has access(eg : SELECT privilege) to SYS.USER$ and also have UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE.

Impact: This can allow non-privileged users the authorization to open SYS.USER$ table and capture password hashes which can break confidentiality.

Can these privilege(s)/role(s) be removed from OPA?

Will this action have any impact on the OC/RDC application? 


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.