Re: Minimum privileges for users

From: Mark D Powell <Mark.Powell2_at_hp.com>
Date: Tue, 17 Nov 2009 07:25:09 -0800 (PST)
Message-ID: <edf73d00-8107-4a45-8087-87dafcc6b8f6_at_a31g2000yqn.googlegroups.com>



On Nov 17, 7:52 am, "Álvaro G. Vicario"
<alvaro.NOSPAMTH..._at_demogracia.com.invalid> wrote:
> Álvaro G. Vicario wrote:
>
> > Shakespeare wrote:
> >> Álvaro G. Vicario wrote:
> >>> We have just installed Oracle Database 11g Release 11.1.0.7.0 in a
> >>> Windows Server 2003 box. We'll be using it to develop PHP
> >>> applications with Oracle backend so:
>
> >>> 1. We haven't purchased a license
> >>> 2. There is no DBA in the house
>
> >>> With only 10g XE edition background, I'm pretty lost with user
> >>> administration. (I'm using the built-in web console.) I just need to
> >>> create users that have full access to their own schemas and no access
> >>> to system or other user's stuff. I'm currently assigning the
> >>> "CONNECT" and "RESOURCE" roles and all the system privileges but I
> >>> suppose that's way too much.
>
> >>> What permissions would be appropriate?
>
> >>> I understand it's all explained in the extensive documentation but
> >>> it's just a disposable dev box and I am not a DBA :_(
>
> >> None. You need a license.
>
> > Gasp.... Is it possible I misread the license terms or confused them
> > with the XE edition :-?
>
> http://www.oracle.com/technology/software/popup-license/standard-lice...
>
> LICENSE RIGHTS
>
> We grant you a nonexclusive, nontransferable limited license to use the
> programs only for the purpose of developing, testing, prototyping and
> demonstrating your application, and not for any other purpose. If you
> use the application you develop under this license for any internal data
> processing or for any commercial or production purposes, or you want to
> use the programs for any purpose other than as permitted under this
> agreement, you must obtain a production release version of the program
> by contacting us or an Oracle reseller to obtain the appropriate license.
>
> You may not:
>
> - use the programs for your own internal data processing or for any
> commercial or production purposes, or use the programs for any purpose
> except the development of your application;
>
> As I said, I'm not a lawyer, but what I understand from all this is that
> I cannot use an unlicensed copy of Oracle to store data but I can use it
> to write an application for a third-party that will eventually run the
> finished app against their own licensed server. I've read the word
> "Evaluation copy" nowhere in the download section... It looks like a
> sensible way to increase sales through promoting development. Am I wrong?
>
> --
> -- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
> -- My site about web programming: http://borrame.com
> -- My satin humor website: http://www.demogracia.com

Your initial post does not explain the purpose/usage for the 11g edition so the note that you need a license was appropriate.

You should really not use the CONNECT or RESOURCE role. Instead create a small skeleton file and explicitly grant each system privilege the users need: create session, create table, alter user quota (with a limit), create procedure, etc.

You can find the system privileges listed in table 18-1 in the 11g SQL manual.

HTH -- Mark D Powell --

Received on Tue Nov 17 2009 - 09:25:09 CST
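A skeleton script of the kind suggested in the reply above, as an added example that is not part of the original thread: it creates one developer schema with explicit system privileges and a bounded quota, then checks the result in the data dictionary. The user name `APP_DEV`, the password, the `USERS` and `TEMP` tablespaces and the 200M limit are assumptions to adapt.

```sql
-- Added example (not from the thread). Run from a DBA account in SQL*Plus.
-- Assumed names: APP_DEV, tablespaces USERS/TEMP, 200M quota, placeholder password.

CREATE USER app_dev
  IDENTIFIED BY "Replace_This_Passw0rd"   -- placeholder, change before use
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 200M ON users;                    -- bounded quota, not UNLIMITED TABLESPACE

-- Explicit system privileges: log in and build objects in the user's own schema.
-- None of these are "ANY" privileges, so other schemas stay out of reach.
GRANT CREATE SESSION   TO app_dev;
GRANT CREATE TABLE     TO app_dev;
GRANT CREATE VIEW      TO app_dev;
GRANT CREATE SEQUENCE  TO app_dev;
GRANT CREATE PROCEDURE TO app_dev;
GRANT CREATE TRIGGER   TO app_dev;

-- Check 1: the system privileges actually held (expect the six grants above).
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'APP_DEV'
 ORDER BY privilege;

-- Check 2: roles held (expect no rows; CONNECT and RESOURCE are not used).
SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'APP_DEV';

-- Check 3: quota is limited (MAX_BYTES = -1 would mean unlimited).
SELECT tablespace_name, max_bytes
  FROM dba_ts_quotas
 WHERE username = 'APP_DEV';

-- Check 4: flag cross-schema or unbounded privileges (expect no rows).
SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'APP_DEV'
   AND (privilege LIKE '% ANY %' OR privilege = 'UNLIMITED TABLESPACE');
```

Running checks 1, 2 and 4 against an existing account shows what needs to be revoked from a user that was previously given roles or broad system privileges.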
