Oracle provides guidelines to secure user accounts and privileges. Practice the principle of least privilege. Oracle recommends the following guidelines: Grant necessary privileges only. Do not provide database users or roles more privileges than are necessary. (If possible, grant privileges to roles, not users.) In other words, the principle of least privilege is that users be given only those privileges that are actually required to efficiently perform their jobs. To implement this principle, restrict the following as much as possible: The number of SYSTEM and OBJECT privileges granted to database users. The number of people who are allowed to make SYS -privileged connections to the database. The number of users who are granted the ANY privileges, such as the DROP ANY TABLE privilege. For example, there is generally no need to grant CREATE ANY TABLE privileges to a non-DBA-privile...