As part of new Oracle 12c Database security implementation, they have stripped the system privilege ” SELECT ANY DICTIONARY ” from accessing the following SYS tables: USER$, ENC$,DEFAULT_PWD$, LINK$, USER_HISTORY$, CDB_LOCAL_ADMINAUTH$, XS$VERIFIERS.
The reason they removed access from these tables, is just in case you grant “select any dictionary” to a non-dba account, this account wont be able to see the “hashed passwords”. Only the SYS account will be able to query these tables.
in 12c if you simulate that:
SQL> grant select any dictionary to account1;
SQL> select * from SYS.USER$;
ORA-01031: insufficient privileges
Bingo……..you can’t query USER$ table although you are granted the “select any dictionary” privilege.