Posted by ErmanArslansOracleBlog on Feb 13, 2022; 7:47am
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/User-who-read-dictionary-tables-tp10637p10648.html

 ALL_* views provides access to the objects that your user already have access..
If you need such a thing for limiting the access, you may consider revoking the grants for the related objects from that user.

So, in short; the data that your user sees in those views is limited to the objects that your user has access to. (user's objects + objects that user has access to)

Note that, the dictionary only displays the information for the objects that user is allowed to see, this means -> it is not a security issue.

Those types of objects are granted to public..(I can't check it right now, but it should be so.. please check it..) You know what it means right? Anyways; you may consider revoking the public grants for those all_ * views but there may be consequences and it should be managed well.. If you consider such a thing, you should make Oracle Support approve your action plan.. this is the safest approach..


See the following ->

http://www.petefinnigan.com/weblog/archives/00001220.htm

Als obe cautious and see - >

Cautious When Revoking Privileges Granted to PUBLIC (Doc ID 247093.1)

Also see ->

https://asktom.oracle.com/pls/apex/asktom.search?tag=revoke-access