Re: Privileges granted by roles

  • From: "Yong Huang" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "yong321@xxxxxxxxx" for DMARC)
  • To: landstander668@xxxxxxxxx, JDunn@xxxxxxxxx
  • Date: Wed, 22 Apr 2015 07:41:34 -0700

One oddity to keep in mind is that granting the RESOURCE role (and also
DBA, for that matter), will silently confer a *direct* grant of the
UNLIMITED TABLESPACE system privilege
I haven't tested this under 12c, but wouldn't be at all surprised if the

Granting RESOURCE role no longer grants UNLIMITED TABLESPACE privilege behind
the scenes.
http://docs.oracle.com/database/121/DBSEG/release_changes.htm#BABEBGDI

But even without that annoying side effect, I would not grant RESOURCE unless
it's done on a playbox to save some typing. The privileges included in RESOURCE
such as
CREATE OPERATOR
CREATE CLUSTER
CREATE INDEXTYPE
are uncommon, or useless, while more useful ones such as CREATE SYNONYM, CREATE
VIEW are not included.

I have a short summary of some 12c enhancements on security, see
http://yong321.freeshell.org/oranotes/Security12cEnhanced.txt
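
An audit-and-replace sketch for the point made in this message, added here as an example and not part of the original post. It assumes access to the DBA_* dictionary views; the role name `app_dev_role`, the account `app_owner`, the tablespace `users` and the 500M quota are hypothetical placeholders.

```sql
-- 1. List what the RESOURCE role actually contains on this database,
--    since its contents differ between releases.
SELECT privilege
FROM   role_sys_privs
WHERE  role = 'RESOURCE'
ORDER  BY privilege;

-- 2. Find grantees that hold RESOURCE or DBA and also have a *direct*
--    UNLIMITED TABLESPACE system privilege (the silent side effect
--    discussed above on releases where it still applies).
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.grantee
WHERE  rp.granted_role IN ('RESOURCE', 'DBA')
AND    sp.privilege = 'UNLIMITED TABLESPACE'
ORDER  BY rp.grantee, rp.granted_role;

-- 3. Build a purpose-made role with only the privileges the application
--    schema needs, including CREATE VIEW and CREATE SYNONYM, which
--    RESOURCE does not carry. The privilege list is an assumption;
--    trim it to what the schema really uses.
CREATE ROLE app_dev_role;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SYNONYM,
      CREATE SEQUENCE, CREATE PROCEDURE
TO    app_dev_role;

-- 4. Swap the role on the (hypothetical) account and replace the
--    unlimited allowance with an explicit quota.
GRANT  app_dev_role TO app_owner;
REVOKE RESOURCE FROM app_owner;
-- Run the next statement only if query 2 listed this account;
-- revoking a privilege that is not granted raises an error.
REVOKE UNLIMITED TABLESPACE FROM app_owner;
ALTER USER app_owner QUOTA 500M ON users;

-- 5. Confirm the resulting quotas (MAX_BYTES = -1 means unlimited).
SELECT username, tablespace_name, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'APP_OWNER';
```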