Use super-user (not SYS!) to run Liquibase multi-schema changesets.

These are notes for myself. Use on production database at your own risk

I use Liquibase a lot.

I can't imagine my work without versioning and controlling my database changes.

Don't use SYS to deploy your Liquibase changesets!

If I have a simple one-schema application, it's a no-brainer - use this schema user to deploy Liquibase changesets.

What If it's more complicated, and my app uses two or more schemas?

I can use SYS as SYSDBA to run Liquibase changesets. But shouldn't we beware of it?

User your own (not SYS) SUPER_USER

CREATE ROLE SUPER_USER;

--I used GRANT ALL PRIVILEGES TO SUPER_USER;
--and removed all unnecessary grants ( in my opinion)
GRANT ALTER ANY INDEX TO SUPER_USER;
GRANT ALTER ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT ALTER ANY PROCEDURE TO SUPER_USER;
GRANT ALTER ANY SEQUENCE TO SUPER_USER;
GRANT ALTER ANY TABLE TO SUPER_USER;
GRANT ALTER ANY TRIGGER TO SUPER_USER;
GRANT ALTER ANY TYPE TO SUPER_USER;
GRANT ALTER SESSION TO SUPER_USER;
GRANT COMMENT ANY TABLE TO SUPER_USER;
GRANT CREATE ANY CONTEXT TO SUPER_USER;
GRANT CREATE ANY INDEX TO SUPER_USER;
GRANT CREATE ANY INDEXTYPE TO SUPER_USER;
GRANT CREATE ANY JOB TO SUPER_USER;
GRANT CREATE ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT CREATE ANY PROCEDURE TO SUPER_USER;
GRANT CREATE ANY SEQUENCE TO SUPER_USER;
GRANT CREATE ANY SYNONYM TO SUPER_USER;
GRANT CREATE ANY TABLE TO SUPER_USER;
GRANT CREATE ANY TRIGGER TO SUPER_USER;
GRANT CREATE ANY TYPE TO SUPER_USER;
GRANT CREATE ANY VIEW TO SUPER_USER;
GRANT CREATE DATABASE LINK TO SUPER_USER;
GRANT CREATE JOB TO SUPER_USER;
GRANT CREATE MATERIALIZED VIEW TO SUPER_USER;
GRANT CREATE ROLE TO SUPER_USER;
GRANT CREATE SEQUENCE TO SUPER_USER;
GRANT CREATE SESSION TO SUPER_USER;
GRANT CREATE SYNONYM TO SUPER_USER;
GRANT CREATE TABLE TO SUPER_USER;
GRANT CREATE TABLESPACE TO SUPER_USER;
GRANT CREATE TRIGGER TO SUPER_USER;
GRANT CREATE TYPE TO SUPER_USER;
GRANT CREATE VIEW TO SUPER_USER;
GRANT DELETE ANY TABLE TO SUPER_USER;
GRANT DROP ANY CONTEXT TO SUPER_USER;
GRANT DROP ANY INDEX TO SUPER_USER;
GRANT DROP ANY INDEXTYPE TO SUPER_USER;
GRANT DROP ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT DROP ANY PROCEDURE TO SUPER_USER;
GRANT DROP ANY SEQUENCE TO SUPER_USER;
GRANT DROP ANY SYNONYM TO SUPER_USER;
GRANT DROP ANY TABLE TO SUPER_USER;
GRANT DROP ANY TRIGGER TO SUPER_USER;
GRANT DROP ANY TYPE TO SUPER_USER;
GRANT DROP ANY VIEW TO SUPER_USER;
GRANT DROP PUBLIC DATABASE LINK TO SUPER_USER;
GRANT DROP PUBLIC SYNONYM TO SUPER_USER;
GRANT EXECUTE ANY PROCEDURE TO SUPER_USER;
GRANT EXECUTE ANY PROGRAM TO SUPER_USER;
GRANT GRANT ANY OBJECT PRIVILEGE TO SUPER_USER;
GRANT GRANT ANY PRIVILEGE TO SUPER_USER;
GRANT ON COMMIT REFRESH TO SUPER_USER;
GRANT SELECT ANY SEQUENCE TO SUPER_USER;
GRANT SELECT ANY TABLE TO SUPER_USER;
GRANT UPDATE ANY TABLE TO SUPER_USER;
GRANT INSERT ANY TABLE TO SUPER_USER;
GRANT USE ANY JOB RESOURCE TO SUPER_USER;
GRANT APEX_ADMINISTRATOR_ROLE to SUPER_USER;

GRANT SUPER_USER to MY_LIQUIBASE_USER;

It's still quite empowered not SYS user.