Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT ROLE

Re: CONNECT ROLE

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Tue, 27 Aug 2002 10:59:31 +0200
Message-ID: <qnfmmu4ruvfebld1n3p509u0shlguurfo8@4ax.com>


On Tue, 27 Aug 2002 09:15:53 +0100, "Niall Litchfield" <n-litchfield_at_audit-commission.gov.uk> wrote:

>I am not entirely sure I understand the problem with CONNECT (apart from the
>fact that it is woefully misnamed). It seems to me that it is about correct
>for accounts that wish to own tables, create data etc etc. In other words
>its pretty well equivalent to the APP_DEVELOPER role that I am trying to
>institute for my application developers. Now I fully accept that what it
>isn't is a low privilege role that allows users to connect to the database
>(hence the woeful misnaming), but *provided that DBA's know what privileges
>it has* what is so wrong with it. In other wrods is it the role that is
>wrong or the misuse of it.
>
>Or is the argument perhaps, that there should be NO predefined roles
>whatsoever (apart from the special case of SYSDBA)?

How many users, do you think, *really* need the privilege to create a table (I'm not referring to sqlserver apps, ported to Oracle ;) 1 percent, 2 percent?
Yet everyone I know grants the CONNECT role indiscriminately to all users, while CREATE SESSION priv would have been sufficient.

Regards

Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address Received on Tue Aug 27 2002 - 03:59:31 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US