Got some IMs from one of my devs today including links to articles about Oracle proxy users. The IT-eye articles are very nice, and the asktom article just provides some tkyte flavor to it all. The obvious and immediate benefit is for web applications that would normally log in as one application users, with many virtual users contained in some application-specific authentication and privilege system. Proxy users gives you the privilege/role system of having real Oracle database users, and tightens up security by stripping all privileges away from the "application user" except for CREATE SESSION.

It also gives you an outlet for authenticating your users. In my case I could have my application do any type of authentication I would want, say to our MS Active Directory setup, and if that succeeds, make the call to proxy as that user in Oracle. The important thing to note is that the actual user's password in Oracle is never used and never needs to be known.