
Re: retrieve foreign keys list

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Sat, 21 Jul 2001 21:53:32 GMT
Message-ID: <9gfmsc02g59@drn.newsguy.com>

In article <3B2A7030.66A9D3C2_at_attws.com>, "Daniel says...
>
>Thomas Kyte wrote:
>
>> In article <3B2A4DB5.A497E105_at_attws.com>, "Daniel says...
>> >
>> >> But the Oracle manuals have been advising users for
>> >> years that the CONNECT, RESOURCE, and DBA
>> >> roles exist only for backwards compatibility and
>> >> should not be used in future developments. Each site
>> >> is supposed to design its own roles, so it is perfectly
>> >> reasonable for the ALL_ and USER_ views to be
>> >> unavailable at a well-controlled site.
>> >>
>> >> --
>> >> Jonathan Lewis
>> >
>> >They have ... and I drop them as soon as I install an instance.
>> >
>> >But I have yet to visit a client site where they were not still in place and
>> >assigned as the defaults.
>> >
>> >If our correspondent doesn't have a competent DBA on-site to ask the question he
>> >asked here ... there is a 99.999+% chance he has CONNECT.
>>
>> Not that it is relevant but the USER_ and ALL_ views are assigned to PUBLIC, not
>> to a connect role.
>>
>> He doesn't need connect, just create session.
>>
>> >
>> >Daniel A. Morgan
>> >
>>
>> Thomas Kyte (tkyte_at_us.oracle.com) Oracle Service Industries
>> Howtos and such: http://asktom.oracle.com/ http://asktom.oracle.com/~tkyte/
>> Oracle Magazine: http://www.oracle.com/oramag
>> Opinions are mine and do not necessarily reflect those of Oracle Corp
>
>Thanks for the added information.
>
>Any chance we can get Oracle to dump these default roles? Or at least to remove
>CREATE DATABASE LINK from CONNECT. That is the most dangerous of them all.
>

It is in sql.bsq which is run when we create a database:

create role connect
/
grant create session,alter session,create synonym,create view,
  create database link,create table,create cluster,create sequence
  to connect
/
create role resource
/
grant create table,create cluster,create sequence,create trigger,
  create procedure,create type,create indextype,create operator
  to resource
/
create role dba
/
grant all privileges to dba with admin option
/

Why the heck do you believe create database link is a "bad" thing? Seems pretty safe to me. It does not give you the ability to do anything you should not be able to do?

>Daniel A. Morgan
>

--
Thomas Kyte (tkyte@us.oracle.com)             http://asktom.oracle.com/ 
Expert one on one Oracle, programming techniques and solutions for Oracle.
http://www.amazon.com/exec/obidos/ASIN/1861004826/  
Opinions are mine and do not necessarily reflect those of Oracle Corp 
Received on Sat Jul 21 2001 - 16:53:32 CDT
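
An audit query for the privilege discussed in this thread, added here as an example and not part of the original post or of sql.bsq: it lists every account that holds CREATE DATABASE LINK and the chain of grants (direct, through CONNECT or DBA, or through a site role that nests them) that provides it. It assumes the session can SELECT from DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS.

```sql
-- Added example, not Oracle-supplied code.
-- Assumes SELECT access to DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS.
WITH grants AS (
  -- System privileges granted directly to a user or a role
  SELECT grantee, privilege AS granted FROM dba_sys_privs
  UNION ALL
  -- Roles granted to a user or to another role
  SELECT grantee, granted_role FROM dba_role_privs
)
SELECT account, via
FROM (
  SELECT grantee AS account,
         -- e.g. "CREATE DATABASE LINK -> CONNECT" for a user holding CONNECT
         LTRIM(SYS_CONNECT_BY_PATH(granted, ' -> '), ' ->') AS via
  FROM   grants
  START  WITH granted = 'CREATE DATABASE LINK'
  -- Walk outward: whoever was granted the role that holds the privilege
  CONNECT BY NOCYCLE PRIOR grantee = granted
)
-- Keep real accounts (and PUBLIC); drop the intermediate role rows
WHERE  account IN (SELECT username FROM dba_users)
   OR  account = 'PUBLIC'
ORDER  BY account, via;
```

Substituting another privilege name in the START WITH clause audits any other privilege from the grant lists above the same way.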
