Security -> DCL (Data Control Language) for a DB point of view DB Users 1) is the DBA ("god") installing Oracle patching the DB creating users backup/restore etc 2) an Appl Owner (World/Customer) this account is used to create DB objects this account should NOT be used in appl code nor in day to day queries 3) appl user/role accounts for example I create an account that has READ ONLY access to the HR schema or a READ WRITE account to the Sales schema this means I need to PLAN to user access this also means I have a major issue... who are the users and what can they do managing users can lead to a LOT of work so Oracle has a concept of ROLE I can assign DB permission to a ROLE that assign that ROLE to a user (or group of Users) Oracle can connect to external user management like Microsoft Active Directory or x.500 tools ------------------------------------------------------- Security in Database works like this... we have a number of Roles, we then match User ID to Roles Roles: DBA -> this is the manager of the Server installation managing Production Support DBA Application Development Support DBA Application Owner -> this is the account used to create DB objects Tables/View/Function/etc this create a Schema under the Appl Owner Id Read Only Account -> these are used to access selected Schemas Read/Write Account --------------------------------------------------------------------------------- Prod w/ Oracle installed Project for Rel 2.x w/ a dev/test Oracle installation ------------------------------------------------------------------------------- An Oracle installation has: 1) the Server -> IP address to the server 2) 1 or more Databases -> PDB1 3) Schema 4) Table/Views/Function/etc