Oracle CONNECT and RESOURCE Roles

So what exactly is in those CONNECT and RESOURCE Oracle roles? The ship with every Oracle database and many apps require they be granted. I did a little digging and found the following:

In Oracle 10gR2 things are fairly sane:
CONNECT role has only CREATE SESSION
RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE

In Oracle 9iR2 things get a little scary:
CONNECT has ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE SEQUENCE, CREATE SESSION, CREATE SYNONYM, CREATE TABLE and CREATE VIEW. Rather a scary lot for a role called ‘connect’
RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE

The admin option would allow the users to grant the privlelge to another user. Thankfully neither of these roles have the admin option in the versions of Oracle I checked.

To find these privileges you can query the DBA_SYS_PRIVS table with a query like this:

select grantee, privilege, admin_option from dba_sys_privs where grantee='CONNECT';

Of course an oracle role could also have table or column privileges granted to it, so to be thorough you should also check for entries in DBA_TAB_PRIVS and DBA_COL_PRIVS.

NOTE: You should always check these privileges in your database before granting roles as a script, application or previous DBA may have granted or revoked additional roles.

Technorati tags: , , , , , ,

Oracle Optimal Flexible Architecture

Originally written in 1990, the Optimal Flexible Architecture (OFA) whitepaper still stands as the best-practices for oracle databases. In my time as an Oracle database administrator I have often seen DBAs using these standards, having learned them from senior DBAs, who did not realize the OFA standard exists.

Cary V. Millsap of Oracle Corp. offers this description in this distribution of the whitepaper:

The OFA Standard is a set of configuration guidelines that will give you faster, more reliable Oracle databases that require less work to maintain. The OFA Standard is written by the founder of the Oracle team responsible for installing, tuning, and upgrading several hundreds of sites worldwide since 1990—this paper is based on the best practices of those hundreds of sites. Today the “Optimal Flexible Architecture’’ described in the OFA Standard is built into the Oracle configuration tools and documentation on all open systems ports.

The benifits of the OFA standard go beyond performance and stability. When I started at Plymouth State University 18 months ago I quickly recognized the signs of an OFA environment (mostly partitions named /u01 and /u02.) Having identified that, I immediately knew where to find nearly all data and configuration files.

The guidelines that OFA provides can be easily adapted to other modern multi-user applications including web servers, application servers and other breeds of database. I offer the OFA whitepaper here as I have found it increasingly difficult to find on the web.

The OFA Standard-Oracle for Open Systems

oracle, sql, dba, database administration, database development, database security, database, oracle security