Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.databases.oracle.server
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Another 11gr2 oddity...
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   9 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Noons  
View profile  
 More options Jun 26 2012, 8:35 pm
Newsgroups: comp.databases.oracle.server
From: Noons <wizofo...@gmail.com>
Date: Tue, 26 Jun 2012 17:35:12 -0700 (PDT)
Local: Tues, Jun 26 2012 8:35 pm
Subject: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
11.2.0.3 upgraded from 10.2.0.3 via standard dbua:

SQL> select * from dba_sys_privs
where grantee = 'RESOURCE';  2

GRANTEE
PRIVILEGE                                ADM
------------------------------
---------------------------------------- ---
RESOURCE                       CREATE
TRIGGER                           NO
RESOURCE                       CREATE
SEQUENCE                          NO
RESOURCE                       CREATE
CLUSTER                           NO
RESOURCE                       CREATE
TYPE                              NO
RESOURCE                       CREATE
PROCEDURE                         NO
RESOURCE                       CREATE
TABLE                             NO
RESOURCE                       CREATE
INDEXTYPE                         NO
RESOURCE                       CREATE
OPERATOR                          NO

Original 10.2.0.3:

SQL> select * from dba_sys_privs
where grantee = 'RESOURCE';  2

GRANTEE
PRIVILEGE                                ADM
------------------------------
---------------------------------------- ---
RESOURCE                       CREATE
VIEW                              NO
RESOURCE                       CREATE
TRIGGER                           NO
RESOURCE                       CREATE
SEQUENCE                          NO
RESOURCE                       CREATE
CLUSTER                           NO
RESOURCE                       CREATE
TYPE                              NO
RESOURCE                       CREATE
PROCEDURE                         NO
RESOURCE                       CREATE
TABLE                             NO
RESOURCE                       CREATE
INDEXTYPE                         NO
RESOURCE                       CREATE
OPERATOR                          NO

Notice anything missing in the 11.2.0.3 resource role after the
upgrade?
Ah yes, it's a "feature". Like, the size of a bus?
(...patience, Nuno, patience...)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Matthias Hoys  
View profile  
 More options Jun 27 2012, 7:07 am
Newsgroups: comp.databases.oracle.server
From: Matthias Hoys <matthias.h...@gmail.com>
Date: Wed, 27 Jun 2012 04:07:24 -0700 (PDT)
Local: Wed, Jun 27 2012 7:07 am
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author

It's strange that they took only the CREATE VIEW privilege away... is this some kind of security measure?

Matthias


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
ddf  
View profile  
 More options Jun 27 2012, 11:59 am
Newsgroups: comp.databases.oracle.server
From: ddf <orat...@msn.com>
Date: Wed, 27 Jun 2012 08:59:27 -0700 (PDT)
Local: Wed, Jun 27 2012 11:59 am
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
On Jun 27, 5:07 am, Matthias Hoys <matthias.h...@gmail.com> wrote:

For a long time now Oracle has hinted that RESOURCE was not the role
to be granting to people and that explicit grants or other roles
should be used.  I suppose this is one way to prod people into
creating their own general-purpose roles for basic privileges.

David Fitzjarrell


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mark D Powell  
View profile  
 More options Jun 27 2012, 4:17 pm
Newsgroups: comp.databases.oracle.server
From: Mark D Powell <Mark.Powe...@hp.com>
Date: Wed, 27 Jun 2012 13:17:03 -0700 (PDT)
Local: Wed, Jun 27 2012 4:17 pm
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author

I wish Oracle had treated the role the same way connect was treated, i.e., remove all privileges except create session.

IMHO -- Mark D Powell --


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
John Hurley  
View profile  
 More options Jun 27 2012, 8:09 pm
Newsgroups: comp.databases.oracle.server
From: John Hurley <johnthehur...@gmail.com>
Date: Wed, 27 Jun 2012 17:09:29 -0700 (PDT)
Local: Wed, Jun 27 2012 8:09 pm
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
David:

# For a long time now Oracle has hinted that RESOURCE was not the role
to be granting to people and that explicit grants or other roles
should be used.

Bingo ... long time back ... still does not stop one from being
surprised when they finally do something though.

# I suppose this is one way to prod people into creating their own
general-purpose roles for basic privileges.

One could and probably should hypothesize that all user sessions
connecting into the database only be granted roles that do not depend
on any of the oracle created roles.

One could and probably should also contend that DBA and SYSDBA roles
are so unique that granting access to those roles is an exception.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mladen Gogala  
View profile  
 More options Jun 27 2012, 11:17 pm
Newsgroups: comp.databases.oracle.server
From: Mladen Gogala <gogala.mla...@gmail.com>
Date: Thu, 28 Jun 2012 03:17:55 +0000 (UTC)
Local: Wed, Jun 27 2012 11:17 pm
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author

On Tue, 26 Jun 2012 17:35:12 -0700, Noons wrote:
> Notice anything missing in the 11.2.0.3 resource role after the upgrade?

Who needs views? Views are sooooo 20-th century, we live in the 21st
century. Real men use computed virtual columns, not views.

--
http://mgogala.byethost5.com


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Noons  
View profile  
 More options Jun 28 2012, 8:06 am
Newsgroups: comp.databases.oracle.server
From: Noons <wizofo...@yahoo.com.au>
Date: Thu, 28 Jun 2012 22:06:48 +1000
Local: Thurs, Jun 28 2012 8:06 am
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
ddf wrote,on my timestamp of 28/06/2012 1:59 AM:

> For a long time now Oracle has hinted that RESOURCE was not the role
> to be granting to people and that explicit grants or other roles
> should be used.  I suppose this is one way to prod people into
> creating their own general-purpose roles for basic privileges.

Sure.  But last time I looked, it's listed as a valid role in various of their
own manuals. I don't give a hoot about "hints"  until they make a show in the
doco, black on white. Or else we might all start carrying weapons?
This is just SLACK QA, quite frankly. And don't anyone please mention "doco
error": that one is a classic...

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Noons  
View profile  
 More options Jun 28 2012, 8:07 am
Newsgroups: comp.databases.oracle.server
From: Noons <wizofo...@yahoo.com.au>
Date: Thu, 28 Jun 2012 22:07:48 +1000
Local: Thurs, Jun 28 2012 8:07 am
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
Mladen Gogala wrote,on my timestamp of 28/06/2012 1:17 PM:

> On Tue, 26 Jun 2012 17:35:12 -0700, Noons wrote:

>> Notice anything missing in the 11.2.0.3 resource role after the upgrade?

> Who needs views? Views are sooooo 20-th century, we live in the 21st
> century. Real men use computed virtual columns, not views.

Hehehe!  Good one.  Dang, I forgot!

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Noons  
View profile  
 More options Jun 28 2012, 8:10 am
Newsgroups: comp.databases.oracle.server
From: Noons <wizofo...@yahoo.com.au>
Date: Thu, 28 Jun 2012 22:10:23 +1000
Local: Thurs, Jun 28 2012 8:10 am
Subject: Re: Another 11gr2 oddity...
Print | Individual message | Show original | Report this message | Find messages by this author
Mark D Powell wrote,on my timestamp of 28/06/2012 6:17 AM:

> I wish Oracle had treated the role the same way connect was treated, i.e., remove all privileges except create session.

Why mangle it then?  Either be done with it, remove it from doco, and make an
OFFICIAL note that it MUST not be used, or else stop the bull that it's somehow
the dba's fault that Oracle don't know how to handle their own default security.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google