Re: What privileges/roles are rquired to create a user
Date: Thu, 16 Sep 2010 22:31:04 +0800
Message-Id: <201009161430.o8GEUtBh020849_at_smtp41.singnet.com.sg>
You could create an ADMIN user and grant the user the privileges :
CREATE SESSION
CREATE USER
GRANT ANY PRIVILEGE
GRANT ANY OBJECT PRIVILEGE
Thus, the ADMIN user is not a DBA (does not have the DBA role) and,
itself, cannot create any objects (Tablespaces, Tables, Sequences,
Packages etc) other than creating other Users. (But then ADMIN can
grant any privilege to a user that it creates --- so that is a
serious loophole !)
Hemant K Chitale
At 03:47 PM Thursday, you wrote:
>Currently whenever we create a new user and grant that user
>privileges we do that as SYSDBA
>
>We would prefer not to do this as SYSDBA
>
>But what are the minimum privilege(s)/role(s) that a user needs to
>allow that user to create new users and grant them privileges?
>
>
Hemant K Chitale
http://hemantoracledba.blogspot.com
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Sep 16 2010 - 09:31:04 CDT