Re: Privileges granted by roles

From: Yong Huang <yong321_at_yahoo.com>
Date: Wed, 22 Apr 2015 07:41:34 -0700
Message-ID: <1429713694.89296.YahooMailBasic_at_web184805.mail.gq1.yahoo.com>

> One oddity to keep in mind is that granting the RESOURCE role (and also
> DBA, for that matter), will silently confer a *direct* grant of the
> UNLIMITED TABLESPACE system privilege
> I haven't tested this under 12c, but wouldn't be at all surprised if the

Granting RESOURCE role no longer grants UNLIMITED TABLESPACE privilege behind the scenes. http://docs.oracle.com/database/121/DBSEG/release_changes.htm#BABEBGDI

But even without that annoying side effect, I would not grant RESOURCE unless it's done on a playbox to save some typing. The privileges included in RESOURCE such as CREATE OPERATOR
CREATE CLUSTER
CREATE INDEXTYPE
are uncommon, or useless, while more useful ones such as CREATE SYNONYM, CREATE VIEW are not included.

I have a short summary of some 12c enhancements on security, see http://yong321.freeshell.org/oranotes/Security12cEnhanced.txt

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Apr 22 2015 - 16:41:34 CEST

This message: [ Message body ]
Next message: Hans Forbrich: "Re: Cron management..."
Previous message: Chris Taylor: "Question about XML schema - registration/creation date anywhere?"
Maybe in reply to: John Dunn: "Privileges granted by roles"
Next in thread: MARK BRINSMEAD: "Re: Privileges granted by roles"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message