| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: User w/only slct,cnnct,cr session can create tables?
i believe "create table" is one of the system privileges granted (by default) to "connect".
to limit the privileges of the QUERY role, instead of granting "connect", grant only the system privileges: create session, alter session and create synonym.
HTH
"Rob Williamson" <robw_at_physics.umd.edu> wrote in message
news:3AA3B9E9.3571A53B_at_physics.umd.edu...
> I have recently created a user and role in the following way:
>
>
> -- CONNECT AS SYS
> DROP ROLE QUERY;
> CREATE ROLE QUERY;
> grant connect, create session to QUERY
> /
>
> --CONNECT AS SYSTEM
> CREATE USER rds IDENTIFIED by &password
> DEFAULT TABLESPACE userdata
> TEMPORARY TABLESPACE temporary
> QUOTA 10M ON userdata;
>
> GRANT QUERY TO rds;
>
> --CONNECT AS TableOwner
> grant select on oehead to QUERY;
> grant select on oedetl to QUERY;
> grant select on PO_HEADER to QUERY;
> grant select on PO_DETAIL to QUERY;
> grant select on VENDOR to QUERY;
> SPOOL OFF
> /
>
> This user can now create tables and drop them which I would not like him
> to do.
> I tried removing create session but then Oracle will not let me log in
> via sqlplus.
> Am I missing something here, I thought you had to explicitly give these
> permissions?
>
> Thanks
> Rob
>
Received on Sat Mar 10 2001 - 15:36:35 CST
 |
 |