1. View what permissions a role has
SELECT * FROM ROLE_SYS_PRIVS
2. Check the default roles in the database
select distinct role from role_sys_privs;
EXP_FULL_DATABASE
AQ_ADMINISTRATOR_ROLE
DBA
OEM_ADVISOR
RECOVERY_CATALOG_OWNER
SCHEDULER_ADMIN
OLAP_USER
RESOURCE
IMP_FULL_DATABASE
OWB$CLIENT
DATAPUMP_EXP_FULL_DATABASE
CONNECT
OLAP_DBA
JAVADEBUGPRIV
DATAPUMP_IMP_FULL_DATABASE
OEM_MONITOR
MGMT_USER
3. View the system permissions owned by the user in the database
SQL> select privilege from dba_sys_privs where grantee='DAYU0424'; #describes system privileges granted to users and roles
PRIVILEGE
----------------------------------------
SELECT ANY TABLE
UNLIMITED TABLESPACE -- permissions that the user has after they are created
4. View the roles a user has
SQL> select GRANTED_ROLE from dba_role_privs where grantee='DAYU0424'; #describes the roles granted to all users and roles in the database
GRANTED_ROLE
------------------------------
RESOURCE
CONNECT
5. View the authorizer and authorizer of the object
SQL> SELECT DISTINCT PRIVILEGE FROM DBA_TAB_PRIVS; <!--DBA_TAB_PRIVS
describes all object grants in the database -->
SQL> GRANT SELECT ON DAYU.DAYU0322 TO DAYU0424;
Grant succeeded.
SQL> GRANT UPDATE ON DAYU.DAYU0322 TO DAYU0424;
Grant succeeded.
Unresolved problem: imse1 user has the role of imp/exp, but does not have the permission to select any dictionary, and can still view the corresponding data dictionary. EXP_FULL_DATABASE and IMP_FULL_DATABASE have no corresponding select any dictionary permission.