RE: Default user permissions

From: <Joel.Patterson_at_crowley.com>
Date: Tue, 8 Nov 2011 10:51:09 -0500
Message-ID: <C95D75DD2E01DD4D81124D104D317ACA1B89A7A7EC_at_JAXMSG01.crowley.com>

Personally, I skip connect role and just grant create session; but that's besides the point. If you want minimum of permissions, why not say quota 0 on users.

Are you sure you checked dba_role_privs where grantee = 'CONNECT' and dba_sys_privs? Because what you describe should not allow bb_stage to create tables without CREATE TABLE somewhere.

Joel Patterson
Database Administrator
904 727-2546

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Leo Drobnis Sent: Tuesday, November 08, 2011 10:44 AM To: ORACLE-L
Subject: Default user permissions

I am a bit puzzled, maybe I am getting rusty.

I need to create a user with bare minimum permissions:

CREATE USER bb_stage

IDENTIFIED BY "password"

DEFAULT TABLESPACE users

TEMPORARY TABLESPACE TEMP; GRANT CONNECT TO bb_stage;

ALTER USER bb_stage QUOTA UNLIMITED ON "USERS";

Connect role only has create session.

Public has no privileges.

However the newly created user can create and drop tables.

I am trying to find where it's coming from.

Any idea???

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Tue Nov 08 2011 - 09:51:09 CST

This message: [ Message body ]
Next message: Leo Drobnis: "RE: Default user permissions"
Previous message: Leo Drobnis: "Default user permissions"
In reply to: Leo Drobnis: "Default user permissions"
Next in thread: Leo Drobnis: "RE: Default user permissions"
Reply: Leo Drobnis: "RE: Default user permissions"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message