select u.username
from dba_users u
where u.username in
(select rp.grantee
from dba_role_privs rp
where rp.granted_role in
(select a.grantee
from dba_sys_privs a
where a.privilege = 'CREATE DATABASE LINK'))
or u.username in
(select sp.grantee
from dba_sys_privs sp
where sp.privilege = 'CREATE DATABASE LINK')

哇哈哈，应该不全面吧。因为有通过ROLE级联授权的方式：

SQL> create role abc;

Role created.

SQL> create role def;

Role created.

SQL> grant create session to abc;

Grant succeeded.

SQL> grant abc to def;

Grant succeeded.

SQL> create user test identified by test;

User created.

SQL> grant def to test;

Grant succeeded.

--查询TEST用户是否具有create session权限，结果没有。我在你的查询外面加了个外套，外套里限制条件是username='TEST'
select * from (
select u.username
from dba_users u
where u.username in
(select rp.grantee
from dba_role_privs rp
where rp.granted_role in
(select a.grantee
from dba_sys_privs a
where a.privilege = 'CREATE SESSION'))
or u.username in
(select sp.grantee
from dba_sys_privs sp
where sp.privilege = 'CREATE SESSION')) where username='TEST';

no rows selected

SQL> exit
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options

test可以登录SQLPLUS
[oracle@iZ94t0nyo72Z ~]$ sqlplus test/test

SQL*Plus: Release 12.1.0.2.0 Production on Thu Nov 3 16:17:51 2022

Copyright (c) 1982, 2014, Oracle. All rights reserved.


Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options


Session altered.

Elapsed: 00:00:00.00

SQL> exit