Developer Role

Introduction

What is the Developer Role?

In oracle database 23c a new role has been introduced. The idea is, this role will have all of the permissions required to perform a developer function. So if you create a user ID for a developer to create and test their code, instead of granting them individual privilege's or a group of different roles, you instead grant them the DB_DEVELOPER_ROLE.

According to the manual, "The DB_DEVELOPER_ROLE role provides most of the system privileges, object privileges, predefined roles, PL/SQL package privileges, and tracing privileges that an application developer needs."

What permissions does the DB_DEVELOPER_ROLE have?

On my platform, Oracle 23c with no patches applied, I have the following permissions associated with the role

Permission Type of Permission
SELECT SYS.DBA_PENDING_TRANSACTIONS Object
EXECUTE SYS.JAVASCRIPT Object
READ SYS.V_$PARAMETER Object
READ SYS.V_$STATNAME Object
EXECUTE CTXSYS.CTX_ANL Object
EXECUTE CTXSYS.CTX_DDL Object
EXECUTE CTXSYS.CTX_ENTITY Object
EXECUTE CTXSYS.CTX_OUTPUT Object
EXECUTE CTXSYS.CTX_THES Object
EXECUTE CTXSYS.CTX_ULEXER Object
INSERT CTXSYS.DR$DICTIONARY Object
DELETE CTXSYS.DR$DICTIONARY Object
SELECT CTXSYS.DR$DICTIONARY Object
UPDATE CTXSYS.DR$DICTIONARY Object
INSERT CTXSYS.DR$THS Object
INSERT CTXSYS.DR$THS_BT Object
INSERT CTXSYS.DR$THS_FPHRASE Object
UPDATE CTXSYS.DR$THS_PHRASE Object
INSERT CTXSYS.DR$THS_PHRASE Object
EXECUTE CTXSYS.DRIENTL Object
EXECUTE CTXSYS.DRITHSL Object
READ XDB.JSON$USER_COLLECTION_METADATA Object
CREATE ANALYTIC VIEW System
CREATE ATTRIBUTE DIMENSION System
CREATE CUBE System
CREATE CUBE BUILD PROCESS System
CREATE CUBE DIMENSION System
CREATE DIMENSION System
CREATE DOMAIN System
CREATE HIERARCHY System
CREATE JOB System
CREATE MATERIALIZED VIEW System
CREATE MINING MODEL System
CREATE MLE System
CREATE PROCEDURE System
CREATE SEQUENCE System
CREATE SESSION System
CREATE SYNONYM System
CREATE TABLE System
CREATE TRIGGER System
CREATE TYPE System
CREATE VIEW System
DEBUG CONNECT SESSION System
EXECUTE DYNAMIC MLE System
FORCE TRANSACTION System
ON COMMIT REFRESH System
CREATE SEQUENCE System
CTXAPP Role
SODA_APP Role
EXECUTE XDB.DBMS_SODA_ADMIN Role
EXECUTE XDB.DBMS_SODA_USER_ADMIN Role

It is a rather eclectic set of permissions, some of which I must admit, I have never heard of. But for most developers I would imagine this is more than enough.

However, you do need to keep in mind, that if a developer has these permissions, he is likely to develop code that uses these permissions. In which, case you may need to ensure your production system has a matching set of permissions. For most security conscious DBAs, this may make you fell uncomfortable as it goes against the principle of "least amount of privileges".

Published 3rd October 2023

23cdatabasedb_developer_roleoraclepermissionsprivileges
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License