RE: Default user permissions

From: Leo Drobnis <Leo.Drobnis_at_dealertrack.com>
Date: Tue, 8 Nov 2011 10:57:56 -0500
Message-ID: <C30A2BC684C61749B6FE649A21711DB710E511_at_dtcanexch03.canada.dt.inc>



Yes, I did:

select * from dba_sys_privs where grantee='BB_STAGE'

no rows selected.

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
BB_STAGE                       CONNECT                        NO           YES

1 row selected.

select * from dba_sys_privs where grantee='CONNECT'

GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
CONNECT                        CREATE SESSION                           NO

1 row selected.

select * from dba_role_privs where grantee='CONNECT'

no rows selected.

Also, public has no privileges...

-----Original Message-----

From: Joel.Patterson_at_crowley.com [mailto:Joel.Patterson_at_crowley.com]
Sent: Tuesday, November 08, 2011 10:51 AM
To: Leo Drobnis; oracle-l_at_freelists.org
Subject: RE: Default user permissions

Personally, I skip the connect role and just grant create session; but that's beside the point. If you want a minimum of permissions, why not say quota 0 on users?

Are you sure you checked dba_role_privs where grantee = 'CONNECT' and dba_sys_privs? Because what you describe should not allow bb_stage to create tables without CREATE TABLE somewhere.

Joel Patterson
Database Administrator
904 727-2546

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Leo Drobnis
Sent: Tuesday, November 08, 2011 10:44 AM
To: ORACLE-L
Subject: Default user permissions

I am a bit puzzled, maybe I am getting rusty.  

I need to create a user with bare minimum permissions:  

CREATE USER bb_stage
  IDENTIFIED BY "password"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE TEMP;

GRANT CONNECT TO bb_stage;

ALTER USER bb_stage QUOTA UNLIMITED ON "USERS";

Connect role only has create session.

Public has no privileges.  

However the newly created user can create and drop tables.  

I am trying to find where it's coming from.  

Any idea???

--

http://www.freelists.org/webpage/oracle-l

Received on Tue Nov 08 2011 - 09:57:56 CST
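
The per-grantee checks in this thread can be combined into one audit that also follows nested roles and PUBLIC. This is an added example, not part of the original messages; it assumes read access to the DBA_* views and uses the user name BB_STAGE from the thread.

```sql
-- Added example (not from the thread): list every system privilege that
-- BB_STAGE can reach, whether granted directly, through any chain of
-- nested roles, or through PUBLIC, together with the path it arrives by.
WITH role_tree AS (
  SELECT CONNECT_BY_ROOT grantee                  AS root_grantee,
         granted_role,
         SYS_CONNECT_BY_PATH(granted_role, ' > ') AS role_path
  FROM   dba_role_privs
  START WITH grantee IN ('BB_STAGE', 'PUBLIC')
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
SELECT sp.grantee       AS root_grantee,
       '(direct grant)' AS via,
       sp.privilege
FROM   dba_sys_privs sp
WHERE  sp.grantee IN ('BB_STAGE', 'PUBLIC')
UNION ALL
SELECT rt.root_grantee,
       rt.role_path,
       sp.privilege
FROM   role_tree rt
JOIN   dba_sys_privs sp ON sp.grantee = rt.granted_role
ORDER  BY 1, 2, 3;

-- Tablespace quotas held by the user; MAX_BYTES = -1 means UNLIMITED.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'BB_STAGE';

-- Cross-check from the other side: connect as BB_STAGE and list the
-- privileges that are actually active in that session.
SELECT privilege
FROM   session_privs
ORDER  BY privilege;
```

If SESSION_PRIVS shows a privilege that the first query does not, the grant is reaching the session by a route other than the direct, role, and PUBLIC grants recorded in DBA_SYS_PRIVS and DBA_ROLE_PRIVS.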