Jared Still wrote:
> On Sat, 06 Nov 2004 04:59:25 -0800, DA Morgan wrote:
>
>
>>>GRANT CONNECT, RESOURCE TO user;
>>>or
>>>GRANT DBA TO user;
>>>
>>>Hope that helps ...
>>
>>It is highly recommended that no one ever grant these roles to anyone
>>except for purposes of training. Oracle, in fact, advises treating them
>>like SCOTT/TIGER which means dropping them on installation. They do not
>>belong in a production database.
>>
>>The correct thing to do is to create your own roles and then grant the
>>specific privileges required.
>>
>>Go to http://www.psoug.org
>>click on Morgan's Library
>>click on System Privileges
>
>
> While I have no doubt that creating your own roles is a good idea,
> especially in the case of the RESOURCE role with its UNLIMITED
> TABLESPACE privilege, I can't recall seeing this recommendation
> from Oracle.
>
> Is there a Metalink Note # or something to refer to on this?
>
> Jared
I don't have a copy handy but it has been out there for a very long
time. I wouldn't worry so much about RESOURCE ... how about the privs
in CONNECT? OEM, for example, grants CONNECT to every user and this
includes the privilege to create database links?
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)
Received on Mon Nov 08 2004 - 02:46:19 CST
