This is an interesting post by Tanel Poder on “Your read only accounts aren’t that read only”. Basically a read-only account with the select privilege only on a table can issue the lock on that table even though it does not have any DML privileges. This means that it could prevent any further DMLs (causing denial of service) to other valid sessions. This behavior is not new. But explanation, examples and work-around/semi-solution by Tanel are clear.