Database Reference
In-Depth Information
The syntax for closing PDBs is very similar. Like with opening PDBs, you can name individual PDBs to be closed.
Alternatively you could instruct Oracle to close all of them using the “alter pluggable database all close” command.
This will wait for user sessions to disconnect, similar to a “shutdown” command in the non-CDB. To force users to
disconnect, specify the “immediate” keyword. This can be useful if you have a short change window and need users to
get off the PDB quickly in order to prepare it for cloning.
Users and roles in the context of a PDB
As you can imagine, the introduction of the Container Database brings with it changes in the security model. The
most profound change impacts the database user account, and database roles. Users in Oracle 12.1 are either
common users, or local users. All Oracle-supplied users are common users. Figure
7-7
shows the relationship between
common and local users.
Figure 7-7.
Common users and local users compared
Common users are common to the whole CDB, and implicitly to all PDBs currently plugged into the root
container. They inherit the same password, and some Oracle-maintained accounts can also execute the “alter session
set container” command to quickly change from one container to another without having to reconnect. Non-Oracle
maintained common users need to be granted the relevant privileges. Common users will also be created for all
future PDBs.
Now that poses an interesting question for your non-Oracle monitoring accounts: will you create them as
common users in a
dbca
-template, or do you create a PDB template with the monitoring account created locally?
Many factors favor the common account, which only needs to be maintained once when it has been locked or the
password needs to be reset.
Search WWH ::
Custom Search