That makes perfect sense to me. I was only going by what System
Privileges are granted to the Oracle roles of the same name. Oracle
has:
CONNECT -
ALTER SESSION
CREATE CLUSTER
CREATE DATABASE LINK
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW
RESOURCE -
CREATE CLUSTER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE TABLE
CREATE TRIGGER
DBA -
All systems privileges WITH ADMIN OPTION
But I agree with you. When I was first learning Oracle, I thought it
strange that the CONNECT role had anything more than CREATE/ALTER
SESSION privilege.
Mike Mascari
mascarm@mascari.com
-----Original Message-----
From: Zeugswetter Andreas SB [SMTP:ZeugswetterA@wien.spardat.at]
Sent: Wednesday, May 09, 2001 3:20 AM
To: 'Bruce Momjian'; mascarm@mascari.com
Cc: Karel Zak; pgsql-hackers
Subject: AW: [HACKERS] NOCREATETABLE patch (was: Re: Please,
help!(about P ostgres))
> > The connect group would be granted these System Privileges:
If we keep it like others (e.g. Informix) this System Privilege would
be called
"resource". I like this name better, because it more describes the
detailed
priviledges.
> >
> > CREATE AGGREGATE privilege
> > CREATE INDEX privilege
> > CREATE FUNCTION privilege
> > CREATE OPERATOR privilege
> > CREATE RULE privilege
> > CREATE SESSION privilege
> > CREATE SYNONYM privilege
> > CREATE TABLE privilege
> > CREATE TRIGGER privilege
> > CREATE TYPE privilege
> > CREATE VIEW privilege
The "connect" group would only have the priviledge to connect to the
db [and
create temp tables ?] and rights they where granted, or that were
granted to public.
They would not be allowed to create anything.
Andreas