Re: Default user permissions

From: Norman Dunbar <>
Date: Thu, 10 Nov 2011 08:37:44 +0000
Message-ID: <>

On 09/11/11 18:28, wrote:

> The other great third party vendor recommendations is to grant DBA, (or actually both at same time, thus giving the DBA an immediate 'ah oh, somebody doesn't know oracle moment'. Third parties want their product to seem easy to install, maintain and use, and appear to work out of the box: -- security and safety not a concern for them, selling the product is the goal. 'God' rights work pretty good for that, and last long enough to settle it.
Tell me about it! I have supported applications that required DBA, CONNECT and RESOURCE - and yes, I have that "hmmm" moment when I read that.

I usually send a "bug" report back to the vendor asking them to specify *exactly* what is needed and not what they used in their development.

So far, I'be had one solitary vendor do the work and figure it all out. The rest state that if we don't assign those exact privs, they won't support the application. Which makes me thing, probably correctly, that they *really* don't have a clue about Oracle - especially when you point out the overlaps - they still insist on all three.

That's when we get the security teams involved - nasty! ;-)


Norman Dunbar
Dunbar IT Consultants Ltd

Registered address:
Thorpe House
61 Richardshaw Lane
West Yorkshire
United Kingdom
LS28 7EL

Company Number: 05132767
Received on Thu Nov 10 2011 - 02:37:44 CST

Original text of this message