At the risk of sounding like "me too", I would have to agree with
Daniel Morgan. Instead of using the "canned" roles that Oracle has
provided (CONNECT, RESOURCE, etc.) set up roles that do not include
security breaches like CREATE DATABASE LINK which the CONNECT role
includes. Oracle recommends that you set up your own roles anyway and
not use the roles they provide since according to the documentation
"...roles are provided to maintain compatibility with previous
versions of Oracle and may not be created automatically in future
versions of Oracle. Oracle Corporation recommends that you design your
own roles for database security, rather than relying on these roles."
Tom Swier
Received on Mon Jun 17 2002 - 06:55:18 CDT
