Re: Create User

Sybrand Bakker wrote in message ...
>
>"roy fells" <molson_c_at_hotmail.com> wrote in message
>news:9cmb8101ch0_at_enews4.newsguy.com...
>> Hello,
>>
>> I am fixing some code from the old programmer of the system and he
 has
>> a form which is generating an error. I am not sure if this form ever
>> functioned right or not but would appreciate if you could tell me why it
>> doesn't work, it does the first statement but the subsequent two it
 doesn't,
>> when I comment them out it runs fine but I have to go grant the
 privilages
>> myself in sql*plus which is not something I want to have to do. The Admin
>> Option wasn't there previously and if I leave it out it says it says it
>> can't grant connect without admin option. Thanks for all of your help.
>>
>> var := execsql('CREATE USER ' || :employee.login_name || ' IDENTIFIED BY
>> :password DEFAULT TABLESPACE USR TEMPORARY TABLESPACE TEMPORARY PROFILE
>> Default QUOTA UNLIMITED ON INDX QUOTA UNLIMITED ON TEMPORARY QUOTA
 UNLIMITED
>> ON USR ACCOUNT UNLOCK');
>>
>> var := execsql('GRANT CONNECT TO '|| :employee.login_name ||'with ADMIN
>> OPTION'); --granting some roles for user
>>
>> var := execsql('GRANT "PROG_USER" TO "'|| UPPER(:employee.login_name)
>||'"')
>>
>>
>
>Granting connect to with admin option is definitely a bad idea, as it means
>everyone will be capable of granting connect to someone else who in turn
>can...
>You probably see what I mean. It looks like the code wants you to create an
>unsecure system.
>So I would remove that 'with admin option' immediately.
>
>Regards,
>
 

>Sybrand Bakker, Oracle DBA

Ok I will remove the with admin option as I can see the trouble that would be caused by this. Thanks for the tip.

Roy Fells Received on Tue May 01 2001 - 13:36:49 CDT