Tuesday, May 30, 2023

DB_DEVELOPER_ROLE for Developers on 23c

 Oracle 23c comes with a new role called "DB_DEVELOPER_ROLE" packed with sufficient privileges for most developers on non-production systems, rather than assigning them the DBA role which violates the least-privilege security principle.

DB_DEVELOPER_ROLE role is packed with the following privileges:

CREATE TYPE
CREATE MATERIALIZED VIEW
CREATE TRIGGER
CREATE PROCEDURE
CREATE JOB
CREATE SEQUENCE
CREATE VIEW
CREATE SYNONYM
CREATE TABLE
CREATE SESSION
CREATE DOMAIN
CREATE MLE
CREATE ANALYTIC VIEW
CREATE HIERARCHY
CREATE ATTRIBUTE DIMENSION
EXECUTE DYNAMIC MLE
CREATE CUBE BUILD PROCESS
CREATE CUBE
CREATE CUBE DIMENSION
CREATE MINING MODEL
DEBUG CONNECT SESSION
ON COMMIT REFRESH
CREATE DIMENSION
FORCE TRANSACTION
EXECUTE ON SYS.JAVASCRIPT
SELECT ON SYS.DBA_PENDING_TRANSACTIONS
READ ON SYS.V_$STATNAME
READ ON SYS.V_$PARAMETER

Reference:

https://docs.oracle.com/en/database/oracle/oracle-database/23/dbseg/managing-security-for-application-developers.html#GUID-DCEEC563-4F6C-4B0A-9EB2-9F88CDF351D7

No comments:

Post a Comment