Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> CONNECT Role Privileges

CONNECT Role Privileges

From: DA Morgan <damorgan_at_psoug.org>
Date: Tue, 31 May 2005 10:21:22 -0700
Message-ID: <1117559953.321300@yasure> 





The following is quoted from the 10gR2 Beta document.




The connect role privilege reduction feature reduces the number of 
privileges granted to the connect role to one, the CREATE SESSION 
privilege. The privileges have been removed from the connect role:



This feature assists customers in deploying secure configurations by
helping enforce the least privilege principle.





This change may or may not be related to the comments here, and
elsewhere, with respect to the dangers related to creating users and
giving them the CONNECT role. But it makes me very happy and I have
received permission to post it here at c.d.o.server.



So be warned ... if you have been using CONNECT as the lazyman's way
of creating users with permission to connect to the database ... it
will not work the same way in the future unless you intentionally
modify the role. Hopefully no one will but rather will create their
own custom roles that reflect job titles and responsibilities.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)


Received on Tue May 31 2005 - 12:21:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US