We are doing this with our situation. We have a BO user created that connects with read only access to the databases. We grant specific table access to this user (not all tables only those needed for the reports). We have Active Directory control access to the BO application. This includes granting security to reports based on AD groups and such. It simplifies both the db and bo administration issues.
Rodd Holman Steiner, Randy wrote:
have 1 oracle account with rights to every table, be put into a bo connection string and then shift the security to bo.
-- //www.freelists.org/webpage/oracle-l