Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT ROLE
On Tue, 27 Aug 2002 09:15:53 +0100, "Niall Litchfield"
<n-litchfield_at_audit-commission.gov.uk> wrote:
>I am not entirely sure I understand the problem with CONNECT (apart from the
>fact that it is woefully misnamed). It seems to me that it is about correct
>for accounts that wish to own tables, create data etc etc. In other words
>its pretty well equivalent to the APP_DEVELOPER role that I am trying to
>institute for my application developers. Now I fully accept that what it
>isn't is a low privilege role that allows users to connect to the database
>(hence the woeful misnaming), but *provided that DBA's know what privileges
>it has* what is so wrong with it. In other wrods is it the role that is
>wrong or the misuse of it.
>
>Or is the argument perhaps, that there should be NO predefined roles
>whatsoever (apart from the special case of SYSDBA)?
How many users, do you think, *really* need the privilege to create a
table (I'm not referring to sqlserver apps, ported to Oracle ;)
1 percent, 2 percent?
Yet everyone I know grants the CONNECT role indiscriminately to all
users, while CREATE SESSION priv would have been sufficient.
Regards
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address Received on Tue Aug 27 2002 - 03:59:31 CDT