A software application, such as a database management system (DBMS), may support a number of different user accounts which may be used to access the software application. To use the software application, a person or computerized entity submits a username/password combination or other such authentication credential to the software application to log onto a particular user account. If the software application successfully validates the submitted authentication credential, the requesting person or computerized entity is then able to log onto the particular user account. Since each user account may have a different set of access privileges, the software application is able to manage access to sensitive resources by restricting access to the sensitive resources to only certain user accounts. Also, the software application is able to monitor and track user activity by analyzing actions performed by each user account.
There are many reasons why multiple people or computerized entities may use the same user account of a software application. One reason is that administrators and other IT personnel tend to share passwords for ease of management. For example, many people may know the password to log into a database management system as the database administrator. In times of emergency or to address a pressing situation, IT personnel may share passwords used to log into certain accounts. Also, certain software applications may only support a limited number of user accounts, and so IT personnel may be forced to share the same user account when using a software application. For example, some software applications only support a single user account that has administrator privileges. Furthermore, one or more instances of a first software application (such as a software application in the middle tier) may use a single user account to log into a second software application, such as a database management system. Thus, many IT personnel may have access to, or otherwise use, authentication credentials associated with the first software application, and may subsequently use those authentication credentials when logging into the second software application.
When multiple people or computerized entities log onto the same user account, the software application providing the user account loses the ability to distinguish between the real identities of the parties using the user account. Unfortunately, this results in a loss of accountability: the software application can attribute an action only to the user account, not to the particular party that performed it. Also, the software application's ability to control access to sensitive resources managed by the software application is compromised, since each party using a user account has the same level of access to the sensitive resources.