Why Create Session is so powerful
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 5 of 5

Thread: Why Create Session is so powerful

  1. #1
    Join Date
    Aug 2000
    Location
    Shanghai
    Posts
    433

    Why Create Session is so powerful

    I did a testing .

    1. create a user UserA
    2. connect system/manager
    3. grant create session to UserA
    grant dba to UserA
    4. connect UserA
    5. create tables , views , procedures , functions , triggers ,
    snapshots , database link etc. ( all kinds of objects)
    6. connect System/manager
    7. Revoke DBA from UserA
    (So UserA has create session priviledge only )
    8. Connect UserA
    I found that UserA can now select any tables in his schema and
    do all the DML as well .
    I got a big confusion on that . because UserA has create session priviledge only .

    I guess I may make a mistake on the object priviledge and system pr
    iviledge .

    BTW , how to know the relation between different priviledges .
    I can only found the priviledges which belongs to the role .


    Thanks .
    1. www.dbasupport.com
    2. www.dbforums.com
    3. www.itpub.net
    4. www.csdn.net
    5. www.umlchina.com
    6. www.tek-tips.com
    7. www.cnforyou.com
    8. fm365.federal.com.cn
    9. www.programmersheaven.com
    10.http://msdn.microsoft.com/library/default.asp
    ligang1000@hotmail.com

  2. #2
    Join Date
    Sep 2003
    Location
    over the hill and through the woods
    Posts
    995
    Did you check to see if the role "connect" was revoked? That role is defaulted when a new user is created (at least by OEM)
    Oracle it's not just a database it's a lifestyle!
    --------------
    BTW....You need to get a girlfriend who's last name isn't .jpg

  3. #3
    Join Date
    Aug 2000
    Location
    Shanghai
    Posts
    433
    Originally posted by OracleDoc
    Did you check to see if the role "connect" was revoked? That role is defaulted when a new user is created (at least by OEM)
    it is revoked .

    Only create session remains
    1. www.dbasupport.com
    2. www.dbforums.com
    3. www.itpub.net
    4. www.csdn.net
    5. www.umlchina.com
    6. www.tek-tips.com
    7. www.cnforyou.com
    8. fm365.federal.com.cn
    9. www.programmersheaven.com
    10.http://msdn.microsoft.com/library/default.asp
    ligang1000@hotmail.com

  4. #4
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Nothing is strange here. Once a user *owns* an object he/she has every possible privilege on those objects. There is no way to revoke privileges from owner on his/her obejcts. No way, unless you drop those objects.

    So CREATE SESSION gives you only the abillity to connect to the database. But once you are connected, you have all the authorities ower the objects you allready own plus the privileges granted to PUBLIC.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  5. #5
    Join Date
    Aug 2000
    Location
    Shanghai
    Posts
    433
    Originally posted by jmodic
    Nothing is strange here. Once a user *owns* an object he/she has every possible privilege on those objects. There is no way to revoke privileges from owner on his/her obejcts. No way, unless you drop those objects.

    So CREATE SESSION gives you only the abillity to connect to the database. But once you are connected, you have all the authorities ower the objects you allready own plus the privileges granted to PUBLIC.
    Very Clear!
    1. www.dbasupport.com
    2. www.dbforums.com
    3. www.itpub.net
    4. www.csdn.net
    5. www.umlchina.com
    6. www.tek-tips.com
    7. www.cnforyou.com
    8. fm365.federal.com.cn
    9. www.programmersheaven.com
    10.http://msdn.microsoft.com/library/default.asp
    ligang1000@hotmail.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width