Did you check DBA_ROLE_PRIVS for connect and BB_STAGE? Maybe something is granted there? Jeremy -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Leo Drobnis Sent: Tuesday, November 08, 2011 10:58 AM To: Joel.Patterson@xxxxxxxxxxx; oracle-l@xxxxxxxxxxxxx Subject: RE: Default user permissions Yes, I did: select * from dba_sys_privs where grantee='BB_STAGE' no rows selected. GRANTEE GRANTED_ROLE ADMIN_OPTION ------------------------------ ------------------------------ ------------ DEFAULT_ROLE ------------ BB_STAGE CONNECT NO YES 1 row selected. select * from dba_sys_privs where grantee='CONNECT' GRANTEE PRIVILEGE ------------------------------ ---------------------------------------- ADMIN_OPTION ------------ CONNECT CREATE SESSION NO 1 row selected. select * from dba_role_privs where grantee='CONNECT' no rows selected. Also, public has no privileges... -----Original Message----- From: Joel.Patterson@xxxxxxxxxxx [mailto:Joel.Patterson@xxxxxxxxxxx] Sent: Tuesday, November 08, 2011 10:51 AM To: Leo Drobnis; oracle-l@xxxxxxxxxxxxx Subject: RE: Default user permissions Personally, I skip connect role and just grant create session; but that's besides the point. If you want minimum of permissions, why not say quota 0 on users. Are you sure you checked dba_role_privs where grantee = 'CONNECT' and dba_sys_privs? Because what you describe should not allow bb_stage to create tables without CREATE TABLE somewhere. Joel Patterson Database Administrator 904 727-2546 -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Leo Drobnis Sent: Tuesday, November 08, 2011 10:44 AM To: ORACLE-L Subject: Default user permissions I am a bit puzzled, maybe I am getting rusty. I need to create a user with bare minimum permissions: CREATE USER bb_stage IDENTIFIED BY "password" DEFAULT TABLESPACE users TEMPORARY TABLESPACE TEMP; GRANT CONNECT TO bb_stage; ALTER USER bb_stage QUOTA UNLIMITED ON "USERS"; Connect role only has create session. Public has no privileges. However the newly created user can create and drop tables. I am trying to find where it's coming from. Any idea??? -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l