We have a situation where all of our clients who access our data through Oracle direct connect have update and delete access to our underlying system tables in the SDE schema. For instance all of our clients have the ability to delete records in the SDE.GDB_ITEMS table. This is in spite of following the recommended Esri approach - detailed in
https://desktop.arcgis.com/en/arcmap/latest/manage-data/gdbs-in-oracle/privileges-oracle.htm#
We would like Esri to either close this security hole or to receive guidance on how we could ensure that external clients do not have access to our system tables.
We are aware of the article detailed below, however the approach suggested is not practical due to the need to recompile the SDE schema every time when need to entitle a new client.
https://support.esri.com/en-us/knowledge-base/can-the-execute-privilege-be-removed-from-public-on-or...
