Limit Privilege Scope for EBS Database Users with Oracle AI Database 26ai Schema-Level Privileges

In Oracle E-Business Suite (EBS) instances on Oracle Database 19c and earlier, the EBS_SYSTEM and APPS users are granted some system-level privileges in order to manage EBS objects. On Oracle AI Database 26ai, EBS leverages the new, more granular schema-level privileges introduced in this database version to limit the scope of the grants to EBS_SYSTEM and APPS. Instead of having privileges on the entire system, the EBS_SYSTEM and APPS users are now granted most privileges only for the schemas that are registered with EBS, including schemas for EBS products as well as custom applications created using the AD Splice utility. This restricted scope further enhances the least privilege model of EBS, under which users are given only the minimum necessary access to perform their functions.

The new schema-level privileges are implemented automatically when you upgrade an EBS instance to Oracle AI Database 26ai. Database administrators should revoke the previous system-level privileges as part of the database upgrade using a provided script called adrevoke.sql.

Steps to enable and configure

You don't need to do anything to enable this feature.