Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT Role Privileges
DA Morgan wrote:
> Holger Baer wrote:
>
[...]
> To the best of my knoweldge no change was made to RESOURCE although I
> made plea for that change in 10gR3 should there be one. And if not 10gR3
> in 11. The security risk created by these three default roles exceeds
> any possible value they might contain.
>
[...]
Any idea when Oracle will fix the following problem?
A user granted the RESOURCE role automatically gets the UNLIMITED TABLESPACE system privilege. Roles technically can't be grantees for system privileges, but this behavior is hard-coded (an "anomaly" is what Tom Kyte called it).
As I recall this was at the heart of a long and heated thread here earlier this year... the only thing everyone agreed on was that it was a major problem, much bigger than any associated with CONNECT.
-Mark Bole Received on Tue May 31 2005 - 19:43:29 CDT