只有select权限，确实也可以for update锁表

一直没注意，赋予查询表的权限在11g之前和12c以后确实有变化了。

https://oracle-base.com/articles/12c/read-object-privilege-12cr1

https://docs.oracle.com/en/database/oracle/oracle-database/19/sqlrf/GRANT.html

如果只赋予查询表权限，12c以后用read，这样才防止用select for update的锁表问题。

[oracle@lnkf ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Tue Sep 16 13:40:40 2025

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> create user j identified by j;

User created.

SQL> grant create session to j;

Grant succeeded.

SQL> conn j/j         
Connected.
SQL> conn jyc/jyc
Connected.
SQL> select table_name from user_tables;

TABLE_NAME
------------------------------
FP
T1
MLOG$_T1
T2
T3
T4
T5
R1
MV_R2
MV_R3
R3

TABLE_NAME
------------------------------
MV_R1
J
RUPD$_T1
SALES
P_TAB
NEWFP
N_TAB

18 rows selected.

SQL> grant select on t1 to j;

Grant succeeded.

SQL> conn j/jy
ERROR:
ORA-01017: invalid username/password; logon denied

Warning: You are no longer connected to ORACLE.
SQL> conn j/j
Connected.
SQL> select * from jyc.t1 for update;

        ID NAME
---------- ------------------------------
         1 a

SQL> ^CEnter password: 

SQL> conn jyc/jyc
Connected.
SQL> grant read on t1 to j;
grant read on t1 to j
              *
ERROR at line 1:
ORA-02224: EXECUTE privilege not allowed for tables

SQL> !oerr ora 2224
02224, 00000, "EXECUTE privilege not allowed for tables"
// *Cause:  An attempt was made to grant or revoke an invalid privilege on
//          a table.
// *Action:  Do not attempt to grant or revoke EXECUTE privilege on tables.
 

[oracle@oracle ~]$ sqlplus jyc/jyc

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Sep 16 14:03:14 2025
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Last Successful login time: Fri Aug 30 2024 16:33:23 +08:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> select table_name from user_tables;

TABLE_NAME
--------------------------------------------------------------------------------
T

SQL> create user j identified by j;

User created.

SQL> grant connect to j;

Grant succeeded.

SQL> grant read on t to j;

Grant succeeded.

SQL> conn j/jy
ERROR:
ORA-01017: invalid username/password; logon denied

Warning: You are no longer connected to ORACLE.
SQL> conn j/j
Connected.
SQL> select * from jyc.t;

  YYYYMMDD
----------
  20240605
  20240701
  20240711
  20240801
  20240809
  20241101
  20241201
  20241202
  20250101

9 rows selected.

SQL> select * from jyc.t for update;
select * from jyc.t for update
                  *
ERROR at line 1:
ORA-01031: insufficient privileges

SQL> 
SQL> 
SQL> 
SQL> conn jyc/jyc     
Connected.
SQL> grant read any table to j;

Grant succeeded.

SQL> create table t1 as select * from dba_objects;

Table created.

SQL> conn j/j
Connected.
SQL> select count(*) from jyc.t1;

  COUNT(*)
----------
     90811

SQL> select * from jyc.t1 for update;
select * from jyc.t1 for update
                  *
ERROR at line 1:
ORA-01031: insufficient privileges

SQL> 

相关参考：https://blog.csdn.net/jnrjian/article/details/131662071