Management of Users and privilleges in Oracle Database 12c / 19c in container & Pluggable database

-

 [oracle@LNX-D1V-ORCL01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Mar 15 07:59:58 2024

Version 19.3.0.0.0 Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Connected to:

Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

Version 19.3.0.0.0


SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED

---------- ------------------------------ ---------- ----------

         2 PDB$SEED                       READ ONLY  NO

         3 PDB                            READ WRITE NO

 

Create the common user using the CONTAINER clause


SQL> create user c##user1 identified by c##user1 container=all;

User created.

SQL> grant create session to c##user1 container=all;

Grant succeeded.


Create the common user using the default CONTAINER setting


SQL> create user c##user2 identified by c##user2;

User created.

SQL> grant create session to c##user2;

Grant succeeded.


Create Local User in Specific Pluggable Database

While creating a local user the following requirements must all be met.

  • Must be connected to a user with the create user privilege.
  • Username for the local user must not be prefixed with “C##” or “c##”.
  • Username must be unique within the PDB.
  • You can either specify the container=all clause, or omit it, as this is the default setting when the current container is a PDB.


Create the local user using the CONTAINER clause


SQL> create user user1 identified by user1 container=current;


User created.


SQL> grant create session to user1 container=current;


create user user2 identified by user2 container=current;

grant create session to user2  container=current;


Create the local user using the default CONTAINER setting

Switch to Pluggable db = pdb

create user user3 identified by user3;


Role

Roles can be common or local. All Oracle-supplied roles are common and therefore available in the root container and all PDBs. Common roles can be created, provided the following conditions are must.

  • You must be connected to a common user with create role and the set container privileges granted commonly.
  • The current container must be the root container.
  • The role name for the common role must be prefixed with “C##” or “c##” and contain only ASCII or EBCDIC characters.
  • The role name must be unique across all containers.
  • The role is created with the container=all clause


Create common role


SQL> conn / as sysdba

Connected.

SQL> create role c##role1;

Role created.

SQL> grant create session to c##role1;

Grant succeeded


Grant it to a common user


SQL> conn / as sysdba

Connected.

SQL> grant c##role1 to c##user1 container=all;

Grant succeeded.

SQL> alter pluggable database all open;

Pluggable database altered.


create role c##role1;

create role c##role2;


grant create session to c##role1;

grant create trigger to c##role2;


Grant common role to common user

==From cdb$root


grant c##role1 to c##user1 container=all;


grant c##role1 to c##user1 ;


Local Role

Local roles are created in a similar manner to pre-12c databases. Each PDB can have roles with matching names, since the scope of a local role is limited to the current PDB. The following conditions are must.

  • Must be connected to a user with the create role privilege.
  • If you are connected to a common user, the container must be set to the local PDB.
  • Role name for the local role must not be prefixed with “C##” or “c##”.
  • Role name must be unique within the PDB.


Create local role

Login to pdbs


create role role1;

create role role2;


grant create session to role1;

grant create trigger to role2;


Grant local role to common user

==From pdb


grant role1 to c##user1;


Grant local role to local user


grant role1 to user1;


To check common user name in root container database

By default it is 36 users that are common. All users in cdb are common.

select username from dba_users;


To check common user in pdb 

All common user in cdb will be available in pdb (local db). i.e 41 rows

select username from dba_users where common='YES';


To check local user in pdb  

By default there will be only one local user i.e. PDBADMIN

select username from dba_users where common='NO';

Comments

Post a Comment

Popular posts from this blog

Enabling Autostart during server reboot of Oracle Database 19c filesystem on Oracle / Redhat Linux 7

-
============= Create a file /etc/init.d/dbora using dbora ================ vi /etc/init.d/dbora #! /bin/sh  -x # # This is my old script for auto-starting Oracle DB on Linux. # When I'm not using Cloud Databases, I now install the Oracle Database 21c RPM which includes its own script # # chkconfig: 2345 80 05 # description: start and stop Oracle Databases # # OL7: systemctl enable dbora # # Note: #   Change the awk pattern to match a DB of the ORACLE_HOME to be used #   Change the autostart entry of /etc/oratab to Y for any DB you want started; this is required by dbstart ORACLE_HOME=/u01/app/oracle/product/19.3.0/dbhome_1 # Note: Change the value of ORACLE to the login name of the oracle owner ORACLE=oracle PATH=${PATH}:$ORACLE_HOME/bin export ORACLE_HOME PATH case $1 in 'start')         echo -n $"Starting Oracle: "         su $ORACLE -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME" &         ;; 'stop') ...
Read more

Oracle Temporary Tablespace Resize

-
  Description:- In this article I'm going to see how to resize Temp Tablespace on PDB database level Demo:- Login in to PDB Database SQL> alter session set container=ORCLPDB; Session altered. First Check Temporary Tablespace Usage From PDB Level:- SELECT A.tablespace_name tablespace, D.GB_total,SUM (A.used_blocks * D.block_size) / 1024 / 1024 / 1024 GB_used,D.GB_total , SUM (A.used_blocks * D.block_size) / 1024 / 1024 / 1024 GB_free FROM v$sort_segment A, ( SELECT B.name, C.block_size, SUM (C.bytes) / 1024 / 1024 / 1024 GB_total FROM v$tablespace B, v$tempfile C WHERE B.ts#= C.ts# GROUP BY B.name, C.block_size ) D WHERE A.tablespace_name = D.name GROUP by A.tablespace_name, D.GB_total; TABLESPACE GB_TOTAL GB_USED GB_FREE —————————— ———- ———- ———- TEMP               .034179688            0             .034179688 From CDB level:- To find CDB and PDB temporary tablespace files s...
Read more