Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: How do you grant connection permission to a user?
Peter wrote:
> On Mon, 26 May 2003 08:25:17 -0700, Daniel Morgan
> <damorgan_at_exxesolutions.com> wrote:
>
> >Sander Goudswaard wrote:
> >
> >> Peter <peter_at_nomorenewsspammin.ca> wrote in
> >> news:s9p3dvotmmarhun3cng44d59mgifsl4eqj_at_4ax.com:
> >>
> >> > How do you grant connection permission to a user?
> >> > By granting create session privilege?
> >> >
> >>
> >> grant connect to luser;
> >>
> >> - Sander
> >
> >That is not correct. Connect is a role that has absolutely nothing to do
> >with connecting to the database.
> >
> >The role contains the create session privilege which is why it works.
> >
> >The connect role should never be granted to any user and, in fact,
> >should be dropped about as fast as
> >change_on_install.
>
> Are you saying the connect role has to be dropped? How about backward
> compatibility? I have many users with that role..
I wouldn't say "HAS TO BE" dropped anymore than I would say
"change_on_install" HAS TO BE" changed.
But I'd say and DBA that doesn't should be escorted to the door and given an
invitation to the unemployement
queue. Same thing goes for not dropping CONNECT and RESOURCE.
Backward compatibility is irrelevant as the problem privileges contained in
CONNECT and RESOURCE are
almost always never used legitimately. New roles should be created that
contain the privileges required:
And nothing more.
-- Daniel Morgan http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Mon May 26 2003 - 19:08:33 CDT