ORACLE PL/SQL: Our DBA doesn't give us the GRANT to read from V$ Oracle system views

Question

Our Data Base Administrator doesn't give us the GRANT to SELECT from V$ Oracle system views, for example V$SQLAREA, V$SESSION, and so on.

Is there a valid reason for this, in your opinion?

Granting select from V$ views could be dangerous?

Could it expose the database to vulnerabilities?

Thank you very much for considering my request.

Answer 1

In highly critical production systems where there is high concurrency and typical contention for resources, running queries against the data dictionary can aggravate performance, so that would be understandable. Even DBAs themselves can add to problems by over-monitoring views such as v$sql and v$sqlarea.

In most cases it is not a problem, so we have a special user that has SELECT_CATALOG_ROLE and we grant blanket access to that user. It also makes it easier to monitor what views are being used and why.

Answer 2

If DBA is in your own company - there is no valid reason. He should. Try to ask him personally, whats the catch. If DBA is in customers side (and all the DB is managed by client, you just develop in it) - there are some reasons, like confidentiality and commercial secrets. But everything can be arranged. Talk to your superiors, give arguments for your request.

Answer 3

Some DBAs are just control freaks :)

Having said which, it is true that SQL text in live environments could contain sensitive data in the WHERE clause, so it is more understandable for certain views in UAT and PRODUCTION. But a blanket ban is just lazy.

The nub is, why do you need access to the V$ views? If you're being asked to investigate problems in live environments relating to performance, locking and so forth you need to query those views. So get your boss involved and make a case for sensible access to the views you need, fitting within any data governance (or other valid) concerns.