Re: Default user permissions

From: Paul Drake <bdbafh_at_gmail.com>
Date: Tue, 8 Nov 2011 12:29:39 -0500
Message-ID: <CAPptggUhT+YMqXJXnsoroXN4rTAfHCK3_ByW5_KT1u-K-5TM_w_at_mail.gmail.com>



Don,
... and what privilege was introduced with 11g in order to support access control lists for packages such as utl_tcp, utl_smtp?

"its baaaack".

connect.

Brilliant.

Paul

On Tue, Nov 8, 2011 at 12:21 PM, Don Granaman <DonGranaman_at_solutionary.com> wrote:

> It has been the advice of Oracle Corp and the security community for many
> years to NOT use the connect and resource roles. In older versions of
> Oracle prior to 10g, the CONNECT role granted a LOT more than "create
> session". If you want to grant "create session", do so - and avoid using
> these roles altogether.
>
> RESOURCE is worse. Even in 10g, it grants unlimited tablespace.
>
>
> Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax:
> 402-361-3173 | Solutionary | Relevant . Intelligent . Security
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
> On Behalf Of Leo Drobnis
> Sent: Tuesday, November 08, 2011 9:44 AM
> To: ORACLE-L
> Subject: Default user permissions
>
> I am a bit puzzled, maybe I am getting rusty.
>
> I need to create a user with bare minimum permissions:
>
> CREATE USER bb_stage
>   IDENTIFIED BY "password"
>   DEFAULT TABLESPACE users
>   TEMPORARY TABLESPACE TEMP;
>
> GRANT CONNECT TO bb_stage;
>
> ALTER USER bb_stage QUOTA UNLIMITED ON "USERS";
>
> Connect role only has create session.
>
> Public has no privileges.
>
> However the newly created user can create and drop tables.
>
> I am trying to find where it's coming from.
>
> Any idea???
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 08 2011 - 11:29:39 CST
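
Added example, not part of the original thread: one way to trace where an account's system privileges come from, using the bb_stage user from the question, followed by the direct CREATE SESSION grant Don recommends. It assumes a session that can read the DBA_* dictionary views; the column aliases are illustrative.

```sql
-- 1. Every system privilege that reaches BB_STAGE: granted directly,
--    through PUBLIC, or through any chain of nested roles.
WITH role_tree AS (
  SELECT granted_role AS grantee,
         (CONNECT_BY_ROOT grantee)
           || SYS_CONNECT_BY_PATH(granted_role, ' -> ') AS via
  FROM   dba_role_privs
  START WITH grantee IN ('BB_STAGE', 'PUBLIC')
  CONNECT BY PRIOR granted_role = grantee
),
holders AS (
  SELECT 'BB_STAGE' AS grantee, 'BB_STAGE (direct)' AS via FROM dual
  UNION ALL
  SELECT 'PUBLIC', 'PUBLIC (direct)' FROM dual
  UNION ALL
  SELECT grantee, via FROM role_tree
)
SELECT h.via, p.privilege, p.admin_option
FROM   holders h
JOIN   dba_sys_privs p ON p.grantee = h.grantee
ORDER  BY p.privilege, h.via;

-- 2. Tablespace quotas held by the account (MAX_BYTES = -1 means unlimited).
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'BB_STAGE';

-- 3. Run while connected AS bb_stage: the privileges actually in effect
--    for the session, whatever their source.
SELECT privilege FROM session_privs ORDER BY privilege;

-- 4. Replace the role with the single privilege it was meant to supply.
REVOKE CONNECT FROM bb_stage;
GRANT CREATE SESSION TO bb_stage;
```

Comparing the output of step 1 with step 3 shows whether anything is in effect that the grant chain does not explain.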
