Database users and security
Properly identifying database users allows to use database security and audit features.
To get the benefit of the database server security features, you should identify each physical user as a database user.
Some applications use a single database user for different end users, to avoid user management and connection issues in the database. This is not good practice, because all user-related features of the database are unusable. Furthermore, the single db user often has all database privileges and thus can lead in security issues.
According to the type of server, you must do this steps to create a database user:
- Define the user as an operating system user.
- Declare the user in the database server.
- Grant database access privileges.
Each database server has its specific users management and data access privilege mechanisms. Check the vendor documentation for security features and make sure you can define the users, groups, and privileges in all database servers you want to use.
USER.
For example, with Oracle DB:SELECT USER INTO p_username FROM DUAL| Database Server Type | SQL Keyword / Function | DB Users topic |
|---|---|---|
| IBM® Informix® | USER / CURRENT_USER |
DB Users in IBM Informix |
| Microsoft™ SQL Server | CURRENT_USER |
DB Users in SQL Server |
| Oracle® MySQL / MariadDB | CURRENT_USER / CURRENT_USER() |
DB Users in Oracle MySQL |
| Oracle Database Server | USER |
DB Users in Oracle DB |
| PostgreSQL | USER / CURRENT_USER |
DB Users in PostgreSQL |
| SAP HANA® | CURRENT_USER |
DB Users in SAP HANA |
| SQLite | N/A | DB Users in SQLite |
| Dameng® | USER |
DB Users in Dameng |