Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT ROLE
"Howard J. Rogers" wrote:
> Niall Litchfield wrote:
>
> > "Pete Sharman" <peter.sharman_at_oracle.com> wrote in message
> > news:akdl7501qba_at_drn.newsguy.com...
> > <of ditching CONNECT>
> >> Unfortunately, there's one very simple reason for this. Because we
> > haven't got
> >> rid of the role. I've been pushing for getting rid of the CONNECT,
> > RESOURCE and
> >> DBA roles for eons (shows you how far I am up the totem pole, hey?!), but
> >> unfortunately there are far too may pieces of software out there (our own
> > Apps
> >> product used to be one of them, not sure if it still is) that need the
> > CONNECT
> >> role at least to be installed correctly. What needs to happen is for
> > someone to
> >> actually come out and say "These roles are going to be desupported in
> > version x
> >> and obsolete in version y" so that the companies that make software that
> > uses
> >> them have time to move to the right way of doing things. Who knows when
> > we'll
> >> see that, though. Not me!
> >
> > I am not entirely sure I understand the problem with CONNECT (apart from
> > the fact that it is woefully misnamed). It seems to me that it is about
> > correct for accounts that wish to own tables, create data etc etc. In
> > other words its pretty well equivalent to the APP_DEVELOPER role that I am
> > trying to institute for my application developers. Now I fully accept that
> > what it isn't is a low privilege role that allows users to connect to the
> > database (hence the woeful misnaming), but *provided that DBA's know what
> > privileges it has* what is so wrong with it. In other wrods is it the role
> > that is wrong or the misuse of it.
> >
> > Or is the argument perhaps, that there should be NO predefined roles
> > whatsoever (apart from the special case of SYSDBA)?
> >
>
> Ahem. SYSDBA is a system privilege, not a role.
>
> But yes, you wouldn't believe the proportion of students who routinely
> raise their hands when I ask them 'do you grant connect, resource after
> creating a user".
>
> So its a teaching/training/experience issue, I would say, not the role
> itself.
>
> Bit like blaming the glass for being fragile when a cricket ball is batted
> through it by some delinquent child or other.
>
> Regards
> HJR
>
> >
> > --
> > Niall Litchfield
> > Oracle DBA
> > Audit Commission UK
> > *****************************************
> > Please include version and platform
> > and SQL where applicable
> > It makes life easier and increases the
> > likelihood of a good answer
> >
> > ******************************************
I would agree with one exception. Oracle should stop including them in the database by default as they serve no useful purpose.
Daniel Morgan Received on Tue Aug 27 2002 - 13:05:12 CDT