Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: Create User

Re: Create User

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Tue, 1 May 2001 19:52:45 +0200
Message-ID: <tettrehulaleac@beta-news.demon.nl>

"roy fells" <molson_c_at_hotmail.com> wrote in message news:9cmb8101ch0_at_enews4.newsguy.com...
> Hello,
>
> I am fixing some code from the old programmer of the system and he
 has
> a form which is generating an error. I am not sure if this form ever
> functioned right or not but would appreciate if you could tell me why it
> doesn't work, it does the first statement but the subsequent two it
 doesn't,
> when I comment them out it runs fine but I have to go grant the privilages
> myself in sql*plus which is not something I want to have to do. The Admin
> Option wasn't there previously and if I leave it out it says it says it
> can't grant connect without admin option. Thanks for all of your help.
>
> var := execsql('CREATE USER ' || :employee.login_name || ' IDENTIFIED BY
> :password DEFAULT TABLESPACE USR TEMPORARY TABLESPACE TEMPORARY PROFILE
> Default QUOTA UNLIMITED ON INDX QUOTA UNLIMITED ON TEMPORARY QUOTA
 UNLIMITED
> ON USR ACCOUNT UNLOCK');
>
> var := execsql('GRANT CONNECT TO '|| :employee.login_name ||'with ADMIN
> OPTION'); --granting some roles for user
>
> var := execsql('GRANT "PROG_USER" TO "'|| UPPER(:employee.login_name)
||'"')
>
>

Granting connect to with admin option is definitely a bad idea, as it means everyone will be capable of granting connect to someone else who in turn can...
You probably see what I mean. It looks like the code wants you to create an unsecure system.
So I would remove that 'with admin option' immediately.

Regards,

Sybrand Bakker, Oracle DBA Received on Tue May 01 2001 - 12:52:45 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US