In the beginning, our team was small, so we didn’t really need a more advanced access model. At the time, using shared Oracle Database schemas was the easiest and most practical choice. Sharing the same password with only a few people didn’t pose a lot of security risks or problems for administrators.
But as the team grew, new needs arose: better access control, easier administration, and less risk. We decided to switch to proxy users at that point, and the benefits quickly became clear.
Easier login: each developer connects to the schema as STEFANL[HR] or NIKOLAS[ACCOUNTING], but they use their own account, like STEFANL or NIKOLAS. They don’t need to know the schema’s password, just their own.
Better access control: grants are given to the schema (HR, ACCOUNTING) instead of to each developer. This makes it much easier to keep things safe.
Faster administration: when a developer quits, we just lock their account and they can’t access any schemas right away.
CI/CD integration: proxy users let us work together in a shared space without overwriting each other’s work. It’s always clear who is working on what with the Loki and SQLcl projects, and objects that are being edited are locked so that there are no conflicts.
This change turned out to be small but helpful in making things safer, easier to run, and allowing our team to work faster and more safely. Proxy users are now a normal part of how we develop.
