Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT Role Privileges
Holger Baer wrote:
> DA Morgan wrote:
>
>> The following is quoted from the 10gR2 Beta document. >> ======================================================================= >> The connect role privilege reduction feature reduces the number of >> privileges granted to the connect role to one, the CREATE SESSION >> privilege. The privileges have been removed from the connect role: >> >> - CREATE CLUSTER >> - CREATE DATABASE LINK >> - CREATE SEQUENCE >> - ALTER SESSION >> - CREATE SYNONYM >> - CREATE TABLE >> - CREATE VIEW >> >> This feature assists customers in deploying secure configurations by >> helping enforce the least privilege principle. >> ======================================================================= >> >> This change may or may not be related to the comments here, and >> elsewhere, with respect to the dangers related to creating users and >> giving them the CONNECT role. But it makes me very happy and I have >> received permission to post it here at c.d.o.server. >> >> So be warned ... if you have been using CONNECT as the lazyman's way >> of creating users with permission to connect to the database ... it >> will not work the same way in the future unless you intentionally >> modify the role. Hopefully no one will but rather will create their >> own custom roles that reflect job titles and responsibilities.
I always granted them dba - sometimes I had to add
select any table, though.
Usually does gets the job done.
BWUHAHAHAHAH (smell the sulfur yet?)
-- Regards, Frank van Bortel The comments in this message should only be used by experienced users. I can take no responsibility for accidents or damage caused by following the above advice. I am not liable in any way.Received on Tue May 31 2005 - 13:10:46 CDT