Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT Role Privileges

Re: CONNECT Role Privileges

From: Mark Bole <makbo_at_pacbell.net>
Date: Wed, 01 Jun 2005 00:43:29 GMT
Message-ID: <Rw7ne.814$IE7.743@newssvr21.news.prodigy.com> 





DA Morgan wrote:



> Holger Baer wrote:

> 



[...]


> To the best of my knoweldge no change was made to RESOURCE although I

> made plea for that change in 10gR3 should there be one. And if not 10gR3

> in 11. The security risk created by these three default roles exceeds

> any possible value they might contain.

> 



[...]



Any idea when Oracle will fix the following problem?



A user granted the RESOURCE role automatically gets the UNLIMITED 
TABLESPACE system privilege.  Roles technically can't be grantees for 
system privileges, but this behavior is hard-coded (an "anomaly" is what 
Tom Kyte called it).



http://asktom.oracle.com/pls/ask/f?p=4950:8:11140506257568189804::NO::F4950_P8_DISPLAYID,F4950_P8_CRITERIA:1063989617206



As I recall this was at the heart of a long and heated thread here 
earlier this year... the only thing everyone agreed on was that it was a 
major problem, much bigger than any associated with CONNECT.



-Mark Bole
Received on Tue May 31 2005 - 19:43:29 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US