The initial installation of Oracle Utilities products are not delivered with a completely blank database to start your implementation upon. The Oracle Utilities Application Framework is a meta data driven framework which requires base meta data that is owned by the various products using the framework. Like all meta data it must be owned by an application user as the custodian of that information. In the case of the Oracle Utilities Application Framework that user is SYSUSER. This is the base userid delivered with the product and is unique in terms of security in the product:
- SYSUSER is designed as the initial user. When you first install a product, you need an identity to first login into the system and add additional users for your implementation. It is no different, in this respect, to the privileged accounts on the database that are used to establish other accounts.
- SYSUSER should not be to process data. After other users are configured, the SYSUSER account should not be used for any processing in the product. The account is not designed for use post the initial requirement. One of the big reasons for this is that SYSUSER is owned by the product, so it cannot be changed significantly. This severely limits its usefulness.
- SYSUSER should never be deleted. The SYSUSER account should not be deleted as it is used as the identity for all the relevant meta data delivered by the product.
- SYSUSER should be disabled. Post it's initial use it should be disabled (this is allowed by an appropriate administration account) to prevent its use post it's original intent.
I am aware of some early users of the products actively using SYSUSER for some operations. We recommend that you consider moving the user for those operations to another user and disabling the account.