One oddity to keep in mind is that granting the RESOURCE role (and also
DBA, for that matter), will silently confer a *direct* grant of the
UNLIMITED TABLESPACE system privilege. Here's a quick example from 11.2.0.4
on Linux.
[SYSTEM@mydb] SQL> create user test identified by ThunderCougarFalconBird;
User created.
[SYSTEM@mydb] SQL> grant resource to test;
Grant succeeded.
[SYSTEM@mydb] SQL> select privilege from dba_sys_privs where grantee =
'TEST';
PRIVILEGE
----------------------------------------
UNLIMITED TABLESPACE
I dislike side-effects, so my recommendation would be to create
app-specific roles holding the necessary privileges, and avoid granting
either RESOURCE or DBA.
I haven't tested this under 12c, but wouldn't be at all surprised if the
behaviour is still present. It's been like that in every release I've
worked with to date.