You could create an ADMIN user and grant the user the privileges : CREATE SESSION CREATE USER GRANT ANY PRIVILEGE GRANT ANY OBJECT PRIVILEGEThus, the ADMIN user is not a DBA (does not have the DBA role) and, itself, cannot create any objects (Tablespaces, Tables, Sequences, Packages etc) other than creating other Users. (But then ADMIN can grant any privilege to a user that it creates --- so that is a serious loophole !)
Hemant K Chitale At 03:47 PM Thursday, you wrote:
Currently whenever we create a new user and grant that user privileges we do that as SYSDBAWe would prefer not to do this as SYSDBABut what are the minimum privilege(s)/role(s) that a user needs to allow that user to create new users and grant them privileges?
Hemant K Chitale http://hemantoracledba.blogspot.com -- http://www.freelists.org/webpage/oracle-l