In the Oracle connector documentation, the topic Creating the connector's LogMiner user specifies use of the ANY command when specifying the SELECT and FLASHBACK grants that are needed to configure Debezium access to the database.

Per a Slack conversation with Support, a customer expressed concern about the relatively open access that use of the ANY grant provides to the connector, and asked whether it is possible to replace the ANY grant with a more focused privilege.

Update the topic to specify that for improved security, customers can grant the Debezium Oracle user more restrictive access, replacing the SELECT ANY TABLE and FLASHBACK ANY TABLE commands to explicitly permit access to only the subset of tables that the connector intends to capture.