Re: Another 11gr2 oddity...
From: ddf <oratune_at_msn.com>
Date: Wed, 27 Jun 2012 08:59:27 -0700 (PDT)
Message-ID: <9a3e40dc-967f-4f6f-948c-e6b3f2cebb4b_at_wt8g2000pbb.googlegroups.com>
On Jun 27, 5:07 am, Matthias Hoys <matthias.h..._at_gmail.com> wrote:
> On Wednesday, June 27, 2012 2:35:12 AM UTC+2, Noons wrote:
> > 11.2.0.3 upgraded from 10.2.0.3 via standard dbua:
>
> > SQL> select * from dba_sys_privs
> > where grantee = 'RESOURCE'; 2
>
> > GRANTEE
> > PRIVILEGE ADM
> > ------------------------------
> > ---------------------------------------- ---
> > RESOURCE CREATE
> > TRIGGER NO
> > RESOURCE CREATE
> > SEQUENCE NO
> > RESOURCE CREATE
> > CLUSTER NO
> > RESOURCE CREATE
> > TYPE NO
> > RESOURCE CREATE
> > PROCEDURE NO
> > RESOURCE CREATE
> > TABLE NO
> > RESOURCE CREATE
> > INDEXTYPE NO
> > RESOURCE CREATE
> > OPERATOR NO
>
> > Original 10.2.0.3:
>
> > SQL> select * from dba_sys_privs
> > where grantee = 'RESOURCE'; 2
>
> > GRANTEE
> > PRIVILEGE ADM
> > ------------------------------
> > ---------------------------------------- ---
> > RESOURCE CREATE
> > VIEW NO
> > RESOURCE CREATE
> > TRIGGER NO
> > RESOURCE CREATE
> > SEQUENCE NO
> > RESOURCE CREATE
> > CLUSTER NO
> > RESOURCE CREATE
> > TYPE NO
> > RESOURCE CREATE
> > PROCEDURE NO
> > RESOURCE CREATE
> > TABLE NO
> > RESOURCE CREATE
> > INDEXTYPE NO
> > RESOURCE CREATE
> > OPERATOR NO
>
> > Notice anything missing in the 11.2.0.3 resource role after the
> > upgrade?
> > Ah yes, it's a "feature". Like, the size of a bus?
> > (...patience, Nuno, patience...)
>
> It's strange that they took only the CREATE VIEW privilege away... is this some kind of security measure?
>
> Matthias- Hide quoted text -
>
> - Show quoted text -
Date: Wed, 27 Jun 2012 08:59:27 -0700 (PDT)
Message-ID: <9a3e40dc-967f-4f6f-948c-e6b3f2cebb4b_at_wt8g2000pbb.googlegroups.com>
On Jun 27, 5:07 am, Matthias Hoys <matthias.h..._at_gmail.com> wrote:
> On Wednesday, June 27, 2012 2:35:12 AM UTC+2, Noons wrote:
> > 11.2.0.3 upgraded from 10.2.0.3 via standard dbua:
>
> > SQL> select * from dba_sys_privs
> > where grantee = 'RESOURCE'; 2
>
> > GRANTEE
> > PRIVILEGE ADM
> > ------------------------------
> > ---------------------------------------- ---
> > RESOURCE CREATE
> > TRIGGER NO
> > RESOURCE CREATE
> > SEQUENCE NO
> > RESOURCE CREATE
> > CLUSTER NO
> > RESOURCE CREATE
> > TYPE NO
> > RESOURCE CREATE
> > PROCEDURE NO
> > RESOURCE CREATE
> > TABLE NO
> > RESOURCE CREATE
> > INDEXTYPE NO
> > RESOURCE CREATE
> > OPERATOR NO
>
> > Original 10.2.0.3:
>
> > SQL> select * from dba_sys_privs
> > where grantee = 'RESOURCE'; 2
>
> > GRANTEE
> > PRIVILEGE ADM
> > ------------------------------
> > ---------------------------------------- ---
> > RESOURCE CREATE
> > VIEW NO
> > RESOURCE CREATE
> > TRIGGER NO
> > RESOURCE CREATE
> > SEQUENCE NO
> > RESOURCE CREATE
> > CLUSTER NO
> > RESOURCE CREATE
> > TYPE NO
> > RESOURCE CREATE
> > PROCEDURE NO
> > RESOURCE CREATE
> > TABLE NO
> > RESOURCE CREATE
> > INDEXTYPE NO
> > RESOURCE CREATE
> > OPERATOR NO
>
> > Notice anything missing in the 11.2.0.3 resource role after the
> > upgrade?
> > Ah yes, it's a "feature". Like, the size of a bus?
> > (...patience, Nuno, patience...)
>
> It's strange that they took only the CREATE VIEW privilege away... is this some kind of security measure?
>
> Matthias- Hide quoted text -
>
> - Show quoted text -
For a long time now Oracle has hinted that RESOURCE was not the role to be granting to people and that explicit grants or other roles should be used. I suppose this is one way to prod people into creating their own general-purpose roles for basic privileges.
David Fitzjarrell Received on Wed Jun 27 2012 - 10:59:27 CDT