[Previous entry: "Database Vendors Shouldn't Kill the Messenger"] [Next entry: "Joshua Wright has provided a free tool to check Oracle accounts for common passwords"]
10gR2 the CONNECT role has finally been sanitized
August 6th, 2005 by Pete
Post to del.icio.us
Post to Furl
I saw on Nialls blog yesterday in an entry titled "Connected Thinking" that the CONNECT role has finally been corrected by Oracle to do what it says on the tin - i.e. simply allow a user granted it to connect. That's right it now only has the system privilege CREATE SESSION. This is a welcome change and as Niall points out it will break a lot of existing third party and home grown applications when they are connected to 10gr2.
I (and a lot of others) have been suggesting this change for years and finally Oracle has listened to us all. Let’s hope that they now do something about the RESOURCE role as well. It was rumoured that the CONNECT and RESOURCE roles had been deprecated and would be removed although I have never found this in writing.
The fact that CONNECT now only has the CREATE SESSION privilege would imply that Oracle have done a lot of testing with all of the default and example accounts that ion the past have been granted this role. Do these examples now work? - Only time will tell.
If you have previously used the CONNECT role then now is the time to start and look at the real privileges your applications need and to correct them.
