Every user must connect to the database using an authorized userid and password. Questions you’ll have to address include the following:
Will users share one or more common userids (this is common with many vendor applications) or will each user have a unique userid?
Should passwords expire after a period of time?
Do you need to implement a minimum length for passwords or impose other content restrictions?
Do you want to limit the number of concurrent sessions for a given user?
Will users be able to create their own objects?
Will you be able to restrict access to DBA or other privileged accounts?
Will the database be accessible for remote connections using SQL*Net or Net8?
Will the database be accessible for distributed queries?