Database Reference
In-Depth Information
Commonly Granted Object Privileges
An object privilege on a common object applies to that object and metadata links or object
links that are associated with it in
CDB$ROOT
and in PDBs that the grantor has privileges to
connect to, if the following requirements are met:
■
A common privilege may not be granted or revoked on a local object.
■
The grantor must be a common user and the grantee is a common user, a common role,
or the PUBLIC role.
■
The grantor has been granted the GRANT OPTION for the granted privilege.
■
The
CONTAINER=ALL
clause must be included in the GRANT statement.
This example shows how a common user can grant an object privilege commonly to the
common user
c##my_dba
so that they may select from
dba_tables
in the current container.
Notice that the
c##my_dba
user has privileges on
dba_views
in the
CDB$ROOT
but does not
have privileges on
dba_views
in the PDB.
SQL> CONNECT sys/system@CONT AS SYSDBA
Connected.
SQL> SHOW CON_NAME
CON_NAME
------------------------------
CDB$ROOT
SQL> GRANT SELECT ON DBA_TABLES TO C##MY_DBA CONTAINER=ALL;
Grant succeeded.
SQL> GRANT SELECT ON DBA_VIEWS TO C##MY_DBA CONTAINER=ALL;
Grant succeeded.
SQL> connect C##my_dba/secret@CONT
Connected.
SQL> SELECT COUNT(1) FROM dba_tables;
COUNT(1)
----------
2317
SQL> SELECT COUNT(1) FROM dba_views;
Search WWH ::
Custom Search