Re: Default user permissions

From: Pete Finnigan <>
Date: Tue, 08 Nov 2011 18:08:19 +0000
Message-ID: <>

But Don, as you can see in my post, the ability to drop is not connected to the ability to create. I created a table in my test schema as system but I could drop it as my user; it's a subtle difference as there is no record that SYSTEM created it other than mining or audit if enabled, but it's still a difference.



Don Granaman wrote:
> Yes. If he can create them, he can drop them. There is no simple declarative way to restrict a user's privilege on his own objects.
> Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax: 402-361-3173 | Solutionary | Relevant . Intelligent . Security
> -----Original Message-----
> From: [] On Behalf Of Leo Drobnis
> Sent: Tuesday, November 08, 2011 10:33 AM
> To: Stephane Faroult
> Subject: RE: Default user permissions
> No difference.
> On the other hand, can a user drop tables in his own schema without the
> drop table privilege?
> ________________________________
> From: Stephane Faroult []
> Sent: Tuesday, November 08, 2011 11:09 AM
> To: Leo Drobnis
> Subject: Re: Default user permissions
> It comes from role CONNECT, and the reason is compatibility with Oracle
> 5, when CONNECT was a privilege and not a role (roles and privileges
> were introduced with Oracle 6).
> Actually, it comes from the combination of CONNECT (which grants CREATE
> TABLE) with the unlimited quota (which gives the "physical possibility"
> of using the system privilege).
> Grant CREATE SESSION instead of CONNECT. No need for quotas.
> Oh, and RESOURCE is even worse ....


Pete Finnigan
CEO and Founder Limited


Received on Tue Nov 08 2011 - 12:08:19 CST
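
The points raised in this thread, as an added SQL*Plus sketch for a test database (not part of any poster's message): check what CONNECT and RESOURCE grant on your release, create a login-only account, and confirm that the schema owner can drop a table a DBA created in its schema. The account APP_TEST, its password and the USERS tablespace are assumptions made for illustration.

```sql
-- Added example. Run as a DBA in a test database.
-- APP_TEST, its password and tablespace USERS are placeholders.

-- 1. What CONNECT and RESOURCE actually grant on this release.
SELECT grantee AS role_name, privilege
FROM   dba_sys_privs
WHERE  grantee IN ('CONNECT', 'RESOURCE')
ORDER  BY grantee, privilege;

-- 2. Accounts holding those roles or UNLIMITED TABLESPACE.
SELECT grantee, granted_role AS granted
FROM   dba_role_privs
WHERE  granted_role IN ('CONNECT', 'RESOURCE')
UNION ALL
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege = 'UNLIMITED TABLESPACE'
ORDER  BY 1, 2;

-- 3. Login-only account: CREATE SESSION instead of CONNECT.
CREATE USER app_test IDENTIFIED BY "Placeholder_Pw_1";
GRANT CREATE SESSION TO app_test;

-- 4. Record CREATE/DROP/TRUNCATE TABLE statements
--    (traditional auditing; needs AUDIT_TRAIL enabled).
AUDIT TABLE BY ACCESS;

-- 5. A DBA creates a table in the user's schema. The quota is only
--    there so the schema can hold the segment for this test.
ALTER USER app_test QUOTA 1M ON users;
CREATE TABLE app_test.t1 (id NUMBER);

-- The dictionary records APP_TEST as owner; no column says who
-- issued the CREATE. Only the audit trail can show that.
SELECT owner, object_name, object_type, created
FROM   dba_objects
WHERE  owner = 'APP_TEST' AND object_name = 'T1';

-- The account still holds CREATE SESSION only.
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APP_TEST';

-- 6. As the owner: the drop succeeds without CREATE TABLE or
--    DROP ANY TABLE, because owning the object is enough.
CONNECT app_test/"Placeholder_Pw_1"
DROP TABLE t1;
```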
