Connect is a role not a privilege

I was checking our database security policy at work today when I came across something that confused me for a little while.

It said that you should not grant the CONNECT role to non-DBA users. My first thought was ‘hang on, if I don’t give users the CONNECT role, they won’t be able to connect to the database’. I wondered about this for a while and then did a little digging and found out that of course CONNECT is a role, where as you only need the CREATE SESSION privilege to connection to the database.

Until version 10.2 the CONNECT role contained a bunch of other privileges that you may or may not want to give users. In our case, apparently we don’t.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s