Yes. See Principle of least privilege.
In information security, computer science, and other fields, the principle of least privilege, also known as the principle of minimal privilege or just least privilege, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program, on the basis of the layer we are considering) must be able to access only such information and resources that are necessary to its legitimate purpose.[1][2] When applied to users, the terms least user access or least-privileged user account (LUA) are also used, referring to the concept that all users at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible.
There are a lot of technologies that help a company embrace this principle. Many fall into the same category as technologies focused on preserving the end-user identity across each tier and answering the question: 'Who is the "real" user?'
You should at minimum be aware of the consequences and risks of the decision to ignore the Principle of Least Privilege and use a single shared database user account for all interactions between your mid-tier/application server and database. There are techniques to remain productive as a database application developer and still provide robust security features in your application.
Examples of Technologies in this space include but are not limited to:
- A Kerberos ticket or an X.509 certificate (SSL).
- Proxy Authentication - Allows you to continue to pool connections but proxy as different roles for each session.
There are other benefits to embracing the principle of least privilege besides security. In many databases a read-only connection can perform better because it doesn't need to be aware of and/or participate in transactions.
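As an added illustration of the proxy-authentication point above (example code written for this page, not taken from the answer or from any database vendor): one physical connection is reused by several sessions, but each session first proxies as a named role, and every statement is then checked against that role's privileges rather than against the shared account's. Real servers implement this natively (PostgreSQL `SET ROLE`, Oracle proxy users granted `CONNECT THROUGH`); SQLite has no such feature, so the example uses Python's `sqlite3` authorizer callback as a stand-in. The `accounts` table, its rows, and the `reporting`/`teller` roles are constructed for the demo.

```python
import sqlite3

# Constructed sample schema and data for this demo (not from the original answer).
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 50);
"""

# Hypothetical roles, expressed as the set of SQLite authorizer actions each may
# perform. SQLITE_READ is the per-column read check that accompanies a SELECT.
ROLE_ALLOWED = {
    "reporting": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ},
    "teller": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_UPDATE},
}


class PooledConnection:
    """A single physical connection reused by many sessions (the 'pool').

    Rather than every session inheriting the shared account's full power, a
    session first proxies as a role; the authorizer then limits each statement
    to that role's privileges.
    """

    def __init__(self):
        # isolation_level=None: no implicit BEGIN, so the only statements the
        # authorizer sees are the ones a session actually issues.
        self.conn = sqlite3.connect(":memory:", isolation_level=None)
        self.conn.executescript(SCHEMA)  # bootstrap before the authorizer is armed
        self.role = None
        self.conn.set_authorizer(self._authorize)

    def _authorize(self, action, arg1, arg2, db_name, source):
        # Fail closed: a session that never proxied gets nothing, instead of
        # silently falling back to the shared account's privileges.
        if self.role is None or action not in ROLE_ALLOWED[self.role]:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    def proxy_as(self, role):
        """Take the connection out of the pool and act as `role` for this session."""
        if role not in ROLE_ALLOWED:
            raise ValueError(f"unknown role {role!r}")
        self.role = role

    def release(self):
        # Returning the connection to the pool drops the proxied identity so the
        # next borrower cannot inherit it.
        self.role = None

    def run(self, sql, params=()):
        """Execute one statement; return ('ok', rows) or ('denied', message)."""
        try:
            return "ok", self.conn.execute(sql, params).fetchall()
        except sqlite3.DatabaseError as exc:  # SQLITE_AUTH surfaces as "not authorized"
            return "denied", str(exc)


def demo():
    """Walk three sessions through the same pooled connection."""
    pool = PooledConnection()
    results = {}

    # Session 1: a reporting user may read balances but not change them.
    pool.proxy_as("reporting")
    results["report_read"] = pool.run("SELECT owner, balance FROM accounts ORDER BY id")
    results["report_write"] = pool.run(
        "UPDATE accounts SET balance = balance + 1000 WHERE owner = ?", ("alice",))
    pool.release()

    # Session 2: a teller may update balances on the very same connection.
    pool.proxy_as("teller")
    results["teller_write"] = pool.run(
        "UPDATE accounts SET balance = balance - 25 WHERE owner = ?", ("bob",))
    results["teller_read"] = pool.run("SELECT owner, balance FROM accounts ORDER BY id")
    pool.release()

    # Session 3 forgot to proxy: the shared connection itself grants nothing.
    results["anonymous_read"] = pool.run("SELECT COUNT(*) FROM accounts")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The denied UPDATE in the reporting session leaves alice's balance untouched, which the teller's later read confirms; the final session shows why the pooled connection should carry no privileges of its own.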