RE: Default user permissions
Date: Tue, 8 Nov 2011 11:21:28 -0600
Message-ID: <FD98CB0EE75EEA438CAF4DA2E6071C420EAD4F8EA3_at_MAIL.solutionary.com>
It has been the advice of Oracle Corp and the security community for many years to NOT use the connect and resource roles. In older versions of Oracle prior to 10g, the CONNECT role granted a LOT more than "create session". If you want to grant "create session", do so - and avoid using these roles altogether.
RESOURCE is worse. Even in 10g, it grants unlimited tablespace.
Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax: 402-361-3173 | Solutionary | Relevant . Intelligent . Security
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Leo Drobnis
Sent: Tuesday, November 08, 2011 9:44 AM
To: ORACLE-L
Subject: Default user permissions
I am a bit puzzled, maybe I am getting rusty.
I need to create a user with bare minimum permissions:
CREATE USER bb_stage
IDENTIFIED BY "password"
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE TEMP;
GRANT CONNECT TO bb_stage;
ALTER USER bb_stage QUOTA UNLIMITED ON "USERS";
Connect role only has create session.
Public has no privileges.
However the newly created user can create and drop tables.
I am trying to find where it's coming from.
Any idea???
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 08 2011 - 11:21:28 CST
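
An added example, not part of either message above: one way to trace where an account's privileges come from, and to apply the reply's advice of granting CREATE SESSION directly. It assumes the bb_stage account from the original post and a session that can read the DBA_* dictionary views.

```sql
-- Every system privilege that reaches BB_STAGE, with the path it arrives by:
-- a direct grant, a role, a role granted to another role, or PUBLIC.
SELECT sp.privilege,
       sp.grantee AS held_by,
       paths.grant_path
FROM   dba_sys_privs sp
JOIN  (SELECT 'BB_STAGE' AS holder, 'direct grant' AS grant_path FROM dual
       UNION ALL
       SELECT 'PUBLIC', 'PUBLIC' FROM dual
       UNION ALL
       -- Walk the role tree: a child row's grantee is its parent's granted_role.
       SELECT granted_role, SYS_CONNECT_BY_PATH(granted_role, ' -> ')
       FROM   dba_role_privs
       START WITH grantee IN ('BB_STAGE', 'PUBLIC')
       CONNECT BY PRIOR granted_role = grantee) paths
  ON   sp.grantee = paths.holder
ORDER  BY sp.privilege, paths.grant_path;

-- Roles held by the account, and whether each is enabled by default at logon.
SELECT granted_role, default_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'BB_STAGE';

-- Tablespace quotas: MAX_BYTES = -1 means unlimited on that tablespace.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'BB_STAGE';

-- Least-privilege alternative to the CONNECT role: grant only the one
-- privilege the account needs in order to log on.
REVOKE CONNECT FROM bb_stage;
GRANT CREATE SESSION TO bb_stage;
```

Re-running the first query after the REVOKE shows whether any privilege other than CREATE SESSION still reaches the account, and by which path.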