Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: CONNECT ROLE

Re: CONNECT ROLE

From: Howard J. Rogers <howardjr2000_at_yahoo.com.au>
Date: Tue, 27 Aug 2002 21:40:16 +1000
Message-ID: <3d6b64dc@dnews.tpgi.com.au> 





Niall Litchfield wrote:



> "Pete Sharman" <peter.sharman_at_oracle.com> wrote in message

> news:akdl7501qba_at_drn.newsguy.com...

> <of ditching CONNECT>


>> Unfortunately, there's one very simple reason for this.  Because we




> haven't got


>> rid of the role.  I've been pushing for getting rid of the CONNECT,




> RESOURCE and


>> DBA roles for eons (shows you how far I am up the totem pole, hey?!), but
>> unfortunately there are far too may pieces of software out there (our own




> Apps


>> product used to be one of them, not sure if it still is) that need the




> CONNECT



>> role at least to be installed correctly.  What needs to happen is for




> someone to


>> actually come out and say "These roles are going to be desupported in




> version x


>> and obsolete in version y" so that the companies that make software that




> uses


>> them have time to move to the right way of doing things.  Who knows when




> we'll


>> see that, though.  Not me!




> 

> I am not entirely sure I understand the problem with CONNECT (apart from

> the fact that it is woefully misnamed). It seems to me that it is about

> correct for accounts that wish to own tables, create data etc etc. In

> other words its pretty well equivalent to the APP_DEVELOPER role that I am

> trying to institute for my application developers. Now I fully accept that

> what it isn't is a low privilege role that allows users to connect to the

> database (hence the woeful misnaming), but *provided that DBA's know what

> privileges it has* what is so wrong with it. In other wrods is it the role

> that is wrong or the misuse of it.

> 

> Or is the argument perhaps, that there should be NO predefined roles

> whatsoever (apart from the special case of SYSDBA)?

> 





Ahem. SYSDBA is a system privilege, not a role.



But yes, you wouldn't believe the proportion of students who routinely 
raise their hands when I ask them 'do you grant connect, resource after 
creating a user".



So its a teaching/training/experience issue, I would say, not the role 
itself.



Bit like blaming the glass for being fragile when a cricket ball is batted 
through it by some delinquent child or other.



Regards


HJR










> 

> --

> Niall Litchfield

> Oracle DBA

> Audit Commission UK

> *****************************************

> Please include version and platform

> and SQL where applicable

> It makes life easier and increases the

> likelihood of a good answer

> 

> ******************************************

Received on Tue Aug 27 2002 - 06:40:16 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US