Database Reference
In-Depth Information
Similarly, the next example shows how local user
lne6_admin
can grant the common
user
c##mydba
the AUDIT_VIEWER and c##passord_timeout common roles for use within
the
lne6
PDB.
SQL> CONNECT lne6_admin/system06@lne6
SQL> GRANT AUDIT_VIEWER, c##password_timeout TO c##my_dba CONTAINER=CURRENT;
Grant succeeded.
SQL>
The next example shows how a local user
lne6_admin
can revoke a role from a PDB.
Remember that in a PDB
CONTAINER=CURRENT
is implied.
SQL> CONNECT lne6_admin/system06@lne6
SQL> REVOKE lne_boss FROM smith06 CONTAINER=CURRENT;
Revoke succeeded.
SQL>
Enabling Common Users to Access Data in Specific PDBs
In the following sections, we will discuss how to set up common users to access data in PDBs.
Since common users have by default the same identity across all containers in a multitenant
CDB environment, you'll need to grant them the ability to set the current container and grant
them access to specific objects within PDB schemas.
We'll first discuss how to grant common users privileges to create objects within PDBs.
Next we'll discuss the
CONTAINER_DATA
concept, and finally we'll show how a common user
can access objects related to PDBs in a common view.
Granting or Revoking Privileges to Create PDB Objects
To grant a privilege in a multitenant environment, include the
CONTAINER
clause in the
GRANT
or
REVOKE
statement. Setting
CONTAINER
to
ALL
applies the privilege to all existing and future
containers; setting it to
CURRENT
applies the privilege to the local container only. The default
value of the
CONTAINER
is implied to be common if you're a common user and the current con-
tainer is
CDB$ROOT
; it is implied to be local if your current container is a PDB. So, when the
current container is a PDB, the
CONTAINER
clause defaults to local, and the privilege applies to
the local container. If you issue the
GRANT
or
REVOKE
statement from the
CDB$ROOT
, the privi-
lege is granted or revoked commonly. Here's an example of granting a privilege to a common
user that will allow that user to create a table in any PDB.
SQL> CONNECT sys/system@CONT AS SYSDBA
Connected.
Search WWH ::
Custom Search