Database users and security

Properly identifying database users allows to use database security and audit features.

To get the benefit of the database server security features, you should identify each physical user as a database user.

Some applications use a single database user for different end users, to avoid user management and connection issues in the database. This is not good practice, because all user-related features of the database are unusable. Furthermore, the single db user often has all database privileges and thus can lead in security issues.

According to the type of server, you must do this steps to create a database user:

  1. Define the user as an operating system user.
  2. Declare the user in the database server.
  3. Grant database access privileges.

Each database server has its specific users management and data access privilege mechanisms. Check the vendor documentation for security features and make sure you can define the users, groups, and privileges in all database servers you want to use.

Programs can identify the current user by executing an SQL query using a keyword or SQL function that returns the database user name. In most database brands, the keyword is USER. For example, with Oracle DB:
SELECT USER INTO p_username FROM DUAL
Table 1. Database user definitions by database engine brands
Database Server Type SQL Keyword / Function DB Users topic
IBM® DB2® LUW CURRENT_USER DB Users in IBM DB2 LUW
IBM Informix® USER / CURRENT_USER DB Users in IBM Informix
IBM Netezza® USER / CURRENT_USER DB Users in IBM Netezza
Microsoft™ SQL Server CURRENT_USER DB Users in SQL Server
Oracle® MySQL / MariadDB CURRENT_USER / CURRENT_USER() DB Users in Oracle MySQL
Oracle Database Server USER DB Users in Oracle DB
PostgreSQL USER / CURRENT_USER DB Users in PostgreSQL
SAP HANA® CURRENT_USER DB Users in SAP HANA
SQLite N/A DB Users in SQLite