Need DBA advices on creating a new user, application level or DBA level?

[Quoted] Hello all,

[Quoted] [Quoted]     Recently, my company wants to develop an application. One of the [Quoted] [Quoted] functions of the application is it can create a new user. This function [Quoted] [Quoted] can only be done by a project owner, such as PROJECTA_OWNER. [Quoted] PROJECTA_OWNER is not a DBA, he is just a project owner with some system privileges (such as create user).

[Quoted] [Quoted]     However, my company's DBA strongly disagree this function. He said [Quoted] that creating a new user should be done by DBA, not on application level. This is because using a client application to create a user may bypass his vision, as a result, he don't know why such a user exist after the application is running (since anyone who knows the PROJECTA_OWNER password can create a new user). He think that it is more difficult to manage the user accounts in the future.

    Now, I have some questions:

1. What do u think the above scenario? Should user creation done by [Quoted] [Quoted] DBA, or done on application level? ANy other disadvantages if done on application level?
2. I know that if done on application level, PROJECTA_OWNER need to [Quoted] alter some user parameters (e.g. default and temporary tablespace etc). However, such parameters may need to be hardcoded. This is not a good practice since we need to recompile the program if the tablespace name is changed to another name. Is there other ways to handle such situation? (I think using a PL/SQL procedure to create a new user, and the application is calling this procedure. This procedure is written by DBA. In this way, DBA can change this procedure without affect the application. Am I right)

    Any suggestions?

Thanks,
David Received on Wed Aug 02 2000 - 00:00:00 CEST