User can discover request used for view regardless of permissions with SELECT * FROM information_schema.views.
vulners.com/securityvulns/securityvulns:doc:11152