Pluggable Databases - Expert Consolidation in Oracle Database 12c

Database Reference

In-Depth Information

If you would like to grant the same privilege to all current and future PDBs, then you could have used the

following command:

SYS@CDB$ROOT> alter user c##perfuser set container_data = all

2 container = current;

User altered.

This allows you to view information for all container object data views across all PDBs. This should be used with

care for the obvious reasons. To undo the grant to “all” you have to use the following command:

SYS@CDB$ROOT> alter user c##perfuser set container_data = default

2 container = current;

In summary, the use of the “container_data” clause might be more secure then granting access to the PDB as a

whole. Think of it as it in the same terms as of a Virtual Private Database. Your deployment process however must

ensure that the container data clause includes any new PDBs. You can check which privileges have been granted by

querying the DBA_CONTAINER_DATA view.

Creating local users

As the name implies, local users are local to a PDB, and a major consolidation feature within Oracle 12.1. In previous

releases it was simply not possible to have multiple users in the same database, but now that is perfectly possible,

although these users have to be in different PDBs. What you cannot have however is a global user with the same name

as the local user. Each of the local users owns objects independently of any other PDB. A local user must be created in

the current container: the “container” clause doesn't take the name of a PDB as an argument.

■

Note

remember that you cannot use operating system authentication for local users in a pDb.

Connect to the PDB as a common user with the DBA role such as SYSTEM or SYS and then create the user as you

would in a non-CDB. Again, the same clauses apply to create a user in the PDB as there are in the CDB and discussed

before. A more complete example for a user creation is shown below:

SQL> create user luser identified by luserpwd

2 default tablespace users

3 temporary tablespace temp

4 quota unlimited on users

5 profile appSpecificProfile

6 password expire

7 account unlock

8 container = current;

User created.

Checking the CDB_USERS view in the CDB root you will see that the user belongs to the container it was created

in only.

Search WWH ::

Custom Search

Home