Comments on: Oracle CONNECT and RESOURCE Roles http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/ because I don't believe in life before coffee... Wed, 23 Nov 2011 03:01:12 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Stephen George http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-366641 Stephen George Thu, 31 Jan 2008 04:40:03 +0000 http://www.lifeaftercoffee.com/?p=42#comment-366641 A clean Oracle 10gR2 (linux) role connect only has create session privs. However applications can add sys privs to the role. The moral of the story is only give people the system priv create session or create your own connect role if you want a secure system. select grantee,privilege,admin_option from dba_sys_privs where grantee='CONNECT'; GRANTEE PRIVILEGE ADM ------------------------------ ---------------------------------------- --- CONNECT CREATE SESSION NO A clean Oracle 10gR2 (linux) role connect only has create session privs.
However applications can add sys privs to the role.

The moral of the story is only give people the system priv create session or create your own connect role if you want a secure system.

select grantee,privilege,admin_option from dba_sys_privs where grantee=’CONNECT’;

GRANTEE PRIVILEGE ADM
—————————— —————————————- —
CONNECT CREATE SESSION NO

]]> By: marcexx66 http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-249738 marcexx66 Thu, 19 Jul 2007 22:26:24 +0000 http://www.lifeaftercoffee.com/?p=42#comment-249738 the resource rol also includes <strong>unlimited tablespace </strong>privilege (10g). the resource rol also includes unlimited tablespace privilege (10g).

]]> By: Andrew Channels Dexter Pinion » Dont Use Default Roles in Oracle Databases http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-17028 Andrew Channels Dexter Pinion » Dont Use Default Roles in Oracle Databases Wed, 13 Dec 2006 23:39:48 +0000 http://www.lifeaftercoffee.com/?p=42#comment-17028 [...] Oracle seems to have addressed this in 10g2, at least according to this this blog post and my observation. Now, granting the ‘CONNECT’ role is exactly the same as explicitly granting the ‘CREATE SESSION’ privilege and the ‘RESOURCE’ role has a more reasonable list of privileges. [...] [...] Oracle seems to have addressed this in 10g2, at least according to this this blog post and my observation. Now, granting the ‘CONNECT’ role is exactly the same as explicitly granting the ‘CREATE SESSION’ privilege and the ‘RESOURCE’ role has a more reasonable list of privileges. [...]

]]> By: Serhii http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-4917 Serhii Thu, 07 Sep 2006 14:10:36 +0000 http://www.lifeaftercoffee.com/?p=42#comment-4917 Uma, if you follow http://forums.oracle.com/forums/message.jspa?messageID=1271340 and read posted: Apr 15, 2006 6:14 PM and Apr 15, 2006 9:44 PM you'll find similar problem and decision. Hope it would help you if it is not too late ;) Uma, if you follow
http://forums.oracle.com/forums/message.jspa?messageID=1271340

and read posted: Apr 15, 2006 6:14 PM and Apr 15, 2006 9:44 PM

you’ll find similar problem and decision. Hope it would help you if it is not too late ;)

]]> By: Jon http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-155 Jon Wed, 18 Jan 2006 21:01:09 +0000 http://www.lifeaftercoffee.com/?p=42#comment-155 Uma, that is a strange issue. ORA-1031 seems to be a username/password related error. Here's what Oracle has to say about the error: Error: ORA 1031 Text: insufficient privileges ------------------------------------------------------------------------------- Cause: An attempt was made to change the current username or password without the appropriate privilege. This error also occurs if attempting to UPDATE a table with only SELECT privileges, if attempting to CONNECT INTERNAL, or if attempting to install a database without the necessary operating system privileges. Action: Ask the database administrator to perform the operation or grant the required privileges. What does the dynamic SQL do? Anything with changing usernames or passwords? I am not sure why granting create procedure would have solved the issue, but I would guess there was something else going on here. Uma, that is a strange issue. ORA-1031 seems to be a username/password related error. Here’s what Oracle has to say about the error:

Error: ORA 1031
Text: insufficient privileges
——————————————————————————-
Cause: An attempt was made to change the current username or password without
the appropriate privilege. This error also occurs if attempting to
UPDATE a table with only SELECT privileges, if attempting to CONNECT
INTERNAL, or if attempting to install a database without the necessary
operating system privileges.
Action: Ask the database administrator to perform the operation or grant the
required privileges.

What does the dynamic SQL do? Anything with changing usernames or passwords? I am not sure why granting create procedure would have solved the issue, but I would guess there was something else going on here.

]]> By: Uma Lakshman http://www.lifeaftercoffee.com/2005/08/29/oracle-connect-and-resource-roles/comment-page-1/#comment-154 Uma Lakshman Wed, 18 Jan 2006 20:06:48 +0000 http://www.lifeaftercoffee.com/?p=42#comment-154 We had a strange issue after upgrading to 10GR2. Though create procedure privilege is not part of the connect role. Our procedures with dynamic DDL stopped working with ORA-1031. We had to explicitly grant create procedure to th user. Create any procedure did not work either. Any clues why ? We had a strange issue after upgrading to 10GR2. Though create procedure privilege is not part of the connect role. Our procedures with dynamic DDL stopped working with ORA-1031. We had to explicitly grant create procedure to th user. Create any procedure did not work either. Any clues why ?

]]>