Database Reference
In-Depth Information
To shut down a CDB database use this command:
SQL> shutdown immediate;
This SQL tells you where and who you are (which container and username)
SQL> show con_id con_name user;
A DBA will open and close PDBs rather than stop and start them, as processes are already running after starting
the CDB.
The primary security concern is that the PDBs are not actually separate, and since they share the same password
file the SYS password has to be the same on all PDBs/CDB. Additionally, any access from the PDB to the OS will
enable exploitation of all PDBs. Thus, the separation is a logical/virtual one, a bit like VPD, but can be bypassed with
medium OS access privileges from the DB.
Understanding Users and Roles in 12c
Much of user management is the same in 12c as it was in 11g, but there is a fundamental change in that there are now
two types of user, based on whether that account's scope is restricted to within its local container or throughout all
the containers.
1.
Local User
- just that container
2.
Common User
- common to all containers
The local type of user in a pluggable database behaves the same way as a user in a non-CDB environment,
i.e., 11g style.
A common user is one that is created and exists in the root container and is then replicated to every pluggable
database hosted by that CDB.
Within the CDB you can only create common users. Common users are prefixed by
c##
. Why this prefix was
chosen is a question we would all like answered. I personally suspect that a Microsoft mole has surreptitiously gained
control of the DB dev team and is subliminally implanting Microsoft programming languages into the Oracle RDBMS.
Watch out for MFC users in 12.2!
But, seriously, you will be glad to know that the default Oracle provided common users, like
SYS
and
SYSTEM
, do
not need
c##
at the beginning.
This command creates a common user accessible in all hosted pluggable databases:
$ sqlplus / as sysdba
SQL> create user c##myuser identified by mypassword container=all;
New common users must be granted privileges in each pluggable database. A way around this is to create a
common role that is granted to the new common user. This common role will propagate with the common user, which
is very useful.
Creating Common Roles
A common role is created in the root container and is automatically propagated in all associated pluggable databases.
Common roles must also start with
c##
.
$ sqlplus / as sysdba
SQL> create role c##myrole container = all;
