Each user will get their own database user with restricted access to ensure good isolation between clients. Eg. if there would be and SQL injection the user would only be able to access and steal data they already own. Administrative access to databases are restricted, logged and protected with several security mechanisms.