Database Reference
In-Depth Information
It is not essential for a common user to have the same privileges in every PDB. We will
demonstrate how to create a common user account later in this chapter.
The ability to create, modify, or delete CDB-wide attributes of a common user or role
is restricted to a common user connected to the root. A common user with appropriate
privileges can switch between containers and administer PDBs from the root. With the
appropriate privileges, the common user can perform operations in PDBs such as granting
privileges to local users, which will be discussed later in this chapter.
A common user can plug in and unplug, start up, shut down, and change the read-write
state for a PDB. With the right privileges, a common user can specify temporary tablespaces
for the CDB. A common user can perform the following operations across PDBs:
■
Grant privileges to common roles or common users
■
Recover a CDB using the
ALTER DATABASE
statement
■
Execute an
ALTER PLUGGABLE DATABASE
command while connected to the
CDB$ROOT
A common user may switch between PDBs and will use the privileges that are granted to
that user in the current PDB. In an Oracle Database Vault environment, the Database Vault
restrictions for a PDB apply to the common user when connected to the PDB.
Oracle recommends that you do not change the privileges of the Oracle-
supplied common users. You can grant different privileges in each PDB to
user-created common users.
Plugging in a PDB and Common Users
One of the nice features of the multitenant architecture is that you can plug in a non-CDB
from a previous or current release of the Oracle Database into a CDB as a PDB. This presents
an interesting scenario because the non-CDB does not have local or common users, only non-
CDB users. If you plug in a non-CDB, the following user translation occurs:
■
Oracle-supplied administrative accounts such as
SYS
and
SYSTEM
are merged with the
common user accounts of the CDB.
■
The passwords of the existing common user accounts are not overwritten.
■
Modified privileges of a user account apply as locally granted privileges only in the
plugged-in PDB and not in any other PDBs.
If a PDB from another source CDB contains a common user and you plug it into a
target CDB, then these translations occur:
Common user privileges for these common user accounts in this PDB are not brought
over from the source CDB.
■
If the new PDB has common users who already exist in the target CDB, then the
new common user is merged with the target common user, and the target common
user password is retained.
■
■
If the new PDB has common users who are not defined in the target CDB, then the new
common user accounts are locked.
■
Search WWH ::
Custom Search