Re: What privileges/roles are rquired to create a user


You could create an ADMIN user and grant the user the privileges :
CREATE SESSION
CREATE USER
GRANT ANY PRIVILEGE
GRANT ANY OBJECT PRIVILEGE

Thus, the ADMIN user is not a DBA (does not have the DBA role) and, itself, cannot create any objects (Tablespaces, Tables, Sequences, Packages etc) other than creating other Users. (But then ADMIN can grant any privilege to a user that it creates --- so that is a serious loophole !)

Hemant K Chitale

At 03:47 PM Thursday, you wrote:
Currently whenever we create a new user and grant that user privileges we do that as SYSDBA

We would prefer not to do this as SYSDBA

But what are the minimum privilege(s)/role(s) that a user needs to allow that user to create new users and grant them privileges?




Hemant K Chitale

http://hemantoracledba.blogspot.com




--
http://www.freelists.org/webpage/oracle-l


Other related posts: