Don,

... and what privilege was introduced with 11g in order to support access control lists for packages such as utl_tcp, utl_smtp?

"it's baaaack".

connect. Brilliant.

Paul

On Tue, Nov 8, 2011 at 12:21 PM, Don Granaman <DonGranaman@xxxxxxxxxxxxxxx> wrote:

> It has been the advice of Oracle Corp and the security community for many
> years to NOT use the connect and resource roles. In older versions of
> Oracle prior to 10g, the CONNECT role granted a LOT more than "create
> session". If you want to grant "create session", do so - and avoid using
> these roles altogether.
>
> RESOURCE is worse. Even in 10g, it grants unlimited tablespace.
>
> Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax:
> 402-361-3173 | Solutionary | Relevant . Intelligent . Security
>
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Leo Drobnis
> Sent: Tuesday, November 08, 2011 9:44 AM
> To: ORACLE-L
> Subject: Default user permissions
>
> I am a bit puzzled, maybe I am getting rusty.
>
> I need to create a user with bare minimum permissions:
>
> CREATE USER bb_stage
>   IDENTIFIED BY "password"
>   DEFAULT TABLESPACE users
>   TEMPORARY TABLESPACE TEMP;
>
> GRANT CONNECT TO bb_stage;
>
> ALTER USER bb_stage QUOTA UNLIMITED ON "USERS";
>
> Connect role only has create session.
>
> Public has no privileges.
>
> However the newly created user can create and drop tables.
>
> I am trying to find where it's coming from.
>
> Any idea???
>
> --
> //www.freelists.org/webpage/oracle-l
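
Added example, not part of the thread: one way to trace where a privilege is coming from is to list every system privilege the user can reach directly, through PUBLIC, or through nested roles, using the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_TS_QUOTAS dictionary views. It assumes a session that can read the DBA_* views and uses the user name BB_STAGE from the thread; the column aliases are illustrative.

```sql
-- Added example: audit the effective system privileges of BB_STAGE.
-- Run as a user that can query the DBA_* dictionary views.

-- 1. Every system privilege reachable by the user, with the grant path.
WITH grantees AS (
  -- the user itself
  SELECT 'BB_STAGE' AS grantee, 'BB_STAGE' AS via_grantee,
         '(direct grant)' AS role_path
    FROM dual
  UNION ALL
  -- PUBLIC, whose privileges every user inherits
  SELECT 'PUBLIC', 'PUBLIC', '(direct grant)'
    FROM dual
  UNION ALL
  -- every role granted to the user or to PUBLIC, including roles
  -- granted to other roles (walked with a hierarchical query)
  SELECT granted_role,
         CONNECT_BY_ROOT grantee,
         SYS_CONNECT_BY_PATH(granted_role, ' > ')
    FROM dba_role_privs
   START WITH grantee IN ('BB_STAGE', 'PUBLIC')
 CONNECT BY PRIOR granted_role = grantee
)
SELECT sp.privilege,
       g.via_grantee,      -- BB_STAGE or PUBLIC: where the chain starts
       g.role_path,        -- chain of roles that carries the privilege
       sp.admin_option
  FROM grantees g
  JOIN dba_sys_privs sp ON sp.grantee = g.grantee
 ORDER BY sp.privilege, g.via_grantee, g.role_path;

-- 2. Tablespace quotas held by the user (MAX_BYTES = -1 means UNLIMITED).
--    Creating a table needs both the CREATE TABLE privilege and quota.
SELECT tablespace_name, bytes, max_bytes
  FROM dba_ts_quotas
 WHERE username = 'BB_STAGE';

-- 3. Roles granted directly to the user, for comparison with step 1.
SELECT granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'BB_STAGE';
```

If CREATE TABLE appears in the first result, the via_grantee and role_path columns show which grant supplies it.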