Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: grant resource
On Wed, 20 Oct 1999 11:54:45 -0700, Pete Sharman
<psharman_at_us.oracle.com> wrote:
>Sybrand is correct. As to why they haven't mapped the roles correctly
>to equivalent privileges, only the developer who did this could tell
>you. Basic advice is to create your own roles that grant the right
>privileges, then use those.
Don't want to be hair-splitting, but Sibrand was not totally correct. The fact is that UNLIMITED TABLESPACE privilege is not granted to the RESOURCE role, it is implicitly granted directly to the user who has been granted this role (as Michael Cadod correctly states in his reply). Why it is implemented this way is beyond my imagination....
I agree with you about creating own roles instead of CONNECT and RESOURCE. On any serious installation I would even drop both of this two roles as their names are somewhat misleading and contain some quite powerful (maybe even dangerous) privileges. Back in Oracle6 when there were no roles, this two privileges were providing just what their names suggested. But from Oracle7 on, this two roles has almost nothing in common with their names.
I could even understand someone who came from Oracle6 world to grant this roles to users as a (bad) habit from the old days, but I can't understand new DBAs to use this two roles all the time, without even knowing what is hidden in them. Are they instructed to do so in the courses, or is it just the name of this two roles so misleading?
>Pete
Regards,
Jurij Modic <jmodic_at_src.si>
Certified Oracle DBA (7.3 & 8.0 OCP)