Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> Password-protected role NOT default in 11g
        
(Message started by: Pete Finnigan on Jul 9th, 2009, 6:28pm)
Title: Password-protected role NOT default in 11g
Post by Pete Finnigan on Jul 9th, 2009, 6:28pm
Hi,

We have been using password protected default roles since Oracle 7.3.4.  The role has always been automatically set upon login.  The 11.1 SQL Language Reference states: "Oracle Database enables default roles at logon without requiring the user to specify their passwords or otherwise be authenticated."  And Bug 7506404 (titled - PASSWORD PROTECTED ROLES DON'T WORK ANYMORE AS DEFAULT IN 11.1.0.7) has a status: Closed, Not a Bug.  These seem to be contradictory.  
Does anyone know why this capability has changed and whether it is documented anywhere?

Thanks, Tom
Title: Re: Password-protected role NOT default in 11g
Post by Pete Finnigan on Aug 4th, 2009, 7:31pm
In Oracle's analysis of the bug mentioned, it shows its testing.  It creates a role, grants create table to the role, and grants the role to a user.  The user logs in and tries to create a table, and gets the insufficient privileges error.  Their own test proves the default role/password function is broken!! HOW IS THIS NOT A BUG??!  


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board