Friday, March 21, 2008

ORACLE-BASE - Schema Owners and Application Users

ORACLE-BASE - Schema Owners and Application Users: "In the context of this article, the schema owner represents the Oracle user that owns all your database objects, while application users are Oracle users that need access to those schema objects.

Allowing applications to make direct connections to the schema owner is a bad idea because it gives those applications far to many privileges, which can easily result in damage to your data and the objects themselves. Instead, it is better to define application users and grant those users the necessary privileges on the schema owners objects.

This article presents two methods for achieving this separation and highlights their pros and cons. For simplicities sake I've only defined two roles, but you can define as many roles as you wish, making the security as granular as you need for each type of application user."