Useful Oracle Security Views

One of the cool things about oracle is that if you have the right privileges you can learn all it’s secrets from the so-called “data dictionary.”

If you’re interested in this then you probably already know what that’s about, so here are what I consider the important data dictionary views for Oracle security:

DBA_SYS_PRIVS – Probably most important, this show system privileges granted to users and roles

DBA_TAB_PRIVS – While the name implies table privileges this actually incorporates view privileges, procedures, packages and functions

DBA_COL_PRIVS – Not always used, but this view tracks grants on columns

DBA_ROLE_PRIVS – This shows who (or what roles) a role has been granted to

These views don’t seem to have changed much from 9i to 10g (or in 8i at that matter) but it is always best to check documentation for your version of Oracle.

Stay tuned for some handy queries to run on these to get quick reports on who can see what.

Technorati tags: , , , , , ,

Oracle CONNECT and RESOURCE Roles

So what exactly is in those CONNECT and RESOURCE Oracle roles? The ship with every Oracle database and many apps require they be granted. I did a little digging and found the following:

In Oracle 10gR2 things are fairly sane:
CONNECT role has only CREATE SESSION
RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE

In Oracle 9iR2 things get a little scary:
CONNECT has ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE SEQUENCE, CREATE SESSION, CREATE SYNONYM, CREATE TABLE and CREATE VIEW. Rather a scary lot for a role called ‘connect’
RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE

The admin option would allow the users to grant the privlelge to another user. Thankfully neither of these roles have the admin option in the versions of Oracle I checked.

To find these privileges you can query the DBA_SYS_PRIVS table with a query like this:

select grantee, privilege, admin_option from dba_sys_privs where grantee='CONNECT';

Of course an oracle role could also have table or column privileges granted to it, so to be thorough you should also check for entries in DBA_TAB_PRIVS and DBA_COL_PRIVS.

NOTE: You should always check these privileges in your database before granting roles as a script, application or previous DBA may have granted or revoked additional roles.

Technorati tags: , , , , , ,

Make Vol 1: Final Thoughts

Make: Vol 1I finally finished Make: Technology on Your Time, Volume 1 and I must say I am more excited about the magazine than ever. Chock full of projects like “5-in-1 Network Cable” and “How to Make a Magnetic Card Reader” I can see that, though I’ve read every word between these covers, the fun is not nearly over.

Articles about heirloom technology and backyard monorails and other crazy stuff that I can’t believe I didn’t know about already round out the magazine.

There are three impressions I would like to share about this issue. One is am astounded at the consistent quality of the articles. As I delve into issue two and three I can only hope they can maintain the quality of content. I’ll let you know.

Second, I am pleased at the level of advertising. The magazine reads more like a scholarly journal than a trendy tech magazine. There are ads, but they are few and far between, and never did I feel I was distracted from an article by them.

Finally, I was surprised to see so much reference to Macintosh and Mac OS X. Without inciting a platform war the writers have included a lot of information pertaining to OS X. Being a long-time Mac user (now cruelly forced to work on a PC by the evil overlords of… oh wait a minute, getting off topic) I was glad to see the Mac being treated as an equal, if not preferred platform.

So I’m digging straight into Volume 2 and I’ll report back more as I get through. In the meantime I am starting to gather the parts for my home-built mag-stripe reader. For more about why I just had to have this magazine, check out my original article on Make. For anyone who is still just considering buying Make, just one word. Yes.

Technorati tags: , , , ,

Seven Card Stud

I thought I would explain the rules to 7 card stud as it is the basis for many other games (e.g. Baseball.)

3 to 10 players. Use a double deck for more than 7 players.

How to play:

Each player antes. The dealer deals two cards face down and one card face up to each player. Players can now look at their face-down (hole) cards. There is a round of betting starting with the player with the highest face up card. Players can fold during any of the betting rounds if they choose not to bet.

The dealer deals one card face up to each player. There is now another round of betting starting with the player with the highest hand made with their face up cards.

Repeat two more rounds of dealing one face up card then betting. One final card is dealt face down to each player and there is a final round of betting starting again with the highest face up hand.

After the final round of betting players should make their best five card hand out of their seven cards. Each player reveals their hand and the player with the best poker hand wins the pot.

Variation: Five card stud is played with the same rules, but after the initial two up, one down deal there is one more card dealt face up and one face down. There is a final bet and then the reveal. In 5 card stud players use all their cards.

Technorati tags: , , , , ,