Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: User default directories using imp
On Tue, 29 Apr 2003 22:23:22 +0200, Frank <fvanbortel_at_netscape.net>
wrote:
>Daniel Morgan wrote:
>> Frank wrote:
>>
>>
>>>Daniel Morgan wrote:
><major snip!>
>>
>> The roles to remove are CONNECT, RESOURCE, and DBA.
>>
>> The CONNECT role contains lots of privileges that have nothing to do with connecting
>> to the database. The only privilege required to connect is CREATE SESSION.
>>
>> My suggestion is to create the following roles and others modeled upon them.
>>
>> READONLY --- with only create session
>> DATA_ENTRY -- READONLY plus nothing but INSERT and maybe SELECT and UPDATE into
>> specific tables
>> SUPERVISOR
>> MANAGER
>> EXECUTIVE
>> DEVELOPER
>> SR_DEVELOPER
>> DBA -- and with only those privileges required for the job. DBA does not need to be a
>> clone of SYS
>> --
>
>I like the distinction between developer and sr_developer.
><g>
>And agree on dba, but have never done that, nor seen it.
>The opposite, actually: ran against an implementation,
>where *all* users were given the DBA role.
>Did not question why, as I know the answer: "it did not work
>otherwise".
Once had to deal with an application used by the most messy cable
provider in the Netherlands.
All the tables were owned by the user sa. The password of that user
was sa. The user sa was granted connect, resource, dba.
The answer of the developers was *exactly* the answer above.
Now you ask whether RI was defined.
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address Received on Tue Apr 29 2003 - 15:35:27 CDT