Database Reference
In-Depth Information
Commonly Granted Privileges
It's important to remember that in a multitenant environment a privilege is neither common
nor local, but a privilege can be granted commonly or locally, and that common users and
local users can grant privileges to each other. In the context of the multitenant environment,
the term “commonly granted” means that the privilege or role was granted to a common
user. Also, the following statements apply:
A privilege that is granted commonly applies to all existing containers and future PDBs.
■
Common users grant privileges commonly to common users or to common roles.
■
When granting a common privilege the user is connected to the
CDB$ROOT
container
and uses the
CONTAINER=ALL
clause in the
GRANT
statement.
■
System and object privileges can be commonly granted.
■
A common user's ability to perform activities in the current container is controlled by
both locally granted and commonly granted privileges.
■
You must not grant privileges to the PUBLIC role commonly, because this will make
the role available to all users.
■
Commonly Granted System Privileges
System privileges granted commonly apply in the root and in all PDBs when the following
requirements are met:
■
The privilege grantor is a common user and the grantee is a common user or role,
or PUBLIC.
■
The
GRANT
statement contains the
CONTAINER=ALL
clause.
■
The common user has been granted the common system privilege with the
ADMIN OPTION.
Do not commonly grant system privileges to the PUBLIC role, as mentioned previously.
Here's an example of a common user granting a system privilege to another common user
while connected to the root.
SQL> CONNECT sys/system@CONT AS SYSDBA
Connected.
SQL> GRANT CREATE ANY TABLE TO c##my_dba CONTAINER=ALL;
Grant succeeded.
SQL>
Search WWH ::
Custom Search