Repost: Oracle 12C CDB/PDB User Creation and Object Management


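In Oracle 12C there are two kinds of accounts: common accounts and local accounts (which can also be thought of as private accounts). A common account is created in the CDB and takes effect in all PDBs; a local account is one created inside a PDB.

The two kinds of accounts are tested as follows: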

1.1 Creating a test account in a PDB

SQL> alter session set container=pdb01;

Session altered.

SQL> select username from dba_users where username like 'GUI%';

no rows selected

SQL> CREATE USER TEST IDENTIFIED BY test;

User created.

SQL> grant dba to test;

Grant succeeded.

SQL> show con_name

CON_NAME
------------------------------
PDB01
SQL> conn /as sysdba
Connected.
SQL> create user test identified by test;
create user test identified by test
            *
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT

Conclusion:

If a user or role already exists in a PDB, an account or role with the same name cannot be created in the CDB.

1.2 Creating a test account in the CDB

SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> create user C##GUIJIAN IDENTIFIED BY guijian;   ------ Note: a user created in the CDB must carry the c## prefix
User created.
SQL> create user c#gui identified by gui;
create user c#gui identified by gui
            *
ERROR at line 1:
ORA-65096: invalid common user or role name

SQL> select username from dba_users where username like '%GUI%';

USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN

SQL> ALTER SESSION SET CONTAINER=PDB01;

Session altered.

SQL> select username from dba_users where username like '%GUI%';

USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN

SQL> create user guijian identified by guijian;

User created.

Likewise, once an account has been created in the CDB, an account with the same name cannot exist in a PDB, because accounts in the CDB are valid for all PDBs.

SQL> create user c##guijian identified by guijian;
create user c##guijian identified by guijian
            *
ERROR at line 1:
ORA-65094: invalid local user or role name
SQL> alter session set container=pdba;

Session altered.

SQL> show user
USER is "SYS"
SQL> alter user sys identified by sys;
alter user sys identified by sys
*
ERROR at line 1:
ORA-65066: The specified changes must apply to all containers

SQL> show con_name

CON_NAME
------------------------------
PDBA

SQL> conn /as sysdba
Connected.
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> alter user sys identified by sys;

User altered.

SQL>

1.3 Privilege issues for accounts created in the CDB

SQL> conn / as sysdba
Connected.
SQL> grant connect,create session to c##cdb;

Grant succeeded.

SQL> conn c##cdb/cdb@pdba
ERROR:
ORA-01045: user C##CDB lacks CREATE SESSION privilege; logon denied


Warning: You are no longer connected to ORACLE.
SQL> a
SP2-0004: Nothing to append.
SQL> conn / as sysdba
Connected.
SQL> alter session set container=pdba;

Session altered.

SQL> grant resource,connect to c##cdb;

Grant succeeded.

SQL> conn  /as sysdba
Connected.
SQL> conn c##cdb/cdb@pdba
Connected.
SQL>
SQL> conn / as sysdba
Connected.
SQL> create user guijian identified by guijian container=current;
create user guijian identified by guijian container=current
                                  *
ERROR at line 1:
ORA-65049: creation of local user or role is not allowed in CDB$ROOT


SQL> create user c##guijian identified by guijian container=current;
create user c##guijian identified by guijian container=current
            *
ERROR at line 1:
ORA-65094: invalid local user or role name


SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##guijian identified by guijian container=all;

User created.

SQL> create user c##guijian01 identified by guijian;

User created.

SQL> conn  /as sysdba
Connected.
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01;

Grant succeeded.

SQL> conn c##guijian01/guijian@pdba
ERROR:
ORA-01045: user C##GUIJIAN01 lacks CREATE SESSION privilege; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn  /as sysdba
Connected.
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01 container=all;

Grant succeeded.

SQL> conn c##guijian01/guijian@pdba
Connected.
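
The session above shows that a grant made in CDB$ROOT without CONTAINER=ALL stays local to the root. The following is an added example, not part of the original post: it grants only logon rights commonly and then audits, per container, which grants common accounts hold and whether each was made commonly or locally. It assumes a privileged common user connected to CDB$ROOT and uses the 12c dictionary views CDB_USERS, CDB_ROLE_PRIVS, CDB_SYS_PRIVS and V$CONTAINERS.

```sql
-- Added example (not from the original post). Run in CDB$ROOT as SYS or
-- another privileged common user. CDB_* views only return rows for
-- containers that are currently open.

-- Grant logon rights in every container instead of the whole DBA role.
-- c##guijian01 is the test account created in the session above.
GRANT CREATE SESSION TO c##guijian01 CONTAINER=ALL;

-- Remove the commonly granted DBA role again (only affects common grants).
REVOKE dba FROM c##guijian01 CONTAINER=ALL;

-- Audit: every role and system privilege held by user-created common
-- accounts, per container. GRANTED_COMMONLY = 'YES' means the grant was
-- made with CONTAINER=ALL; 'NO' means it exists only in that container.
SELECT c.name     AS container,
       g.grantee,
       g.grant_type,
       g.granted,
       g.common   AS granted_commonly
FROM  (SELECT grantee, 'ROLE' AS grant_type, granted_role AS granted,
              common, con_id
         FROM cdb_role_privs
       UNION ALL
       SELECT grantee, 'SYS PRIV', privilege, common, con_id
         FROM cdb_sys_privs) g
JOIN   v$containers c ON c.con_id = g.con_id
WHERE  g.grantee IN (SELECT username
                       FROM cdb_users
                      WHERE common = 'YES'
                        AND oracle_maintained = 'N')
ORDER  BY g.grantee, c.con_id, g.grant_type, g.granted;

-- Narrower check: common accounts holding DBA, and in which containers.
SELECT c.name AS container, p.grantee, p.common AS granted_commonly
FROM   cdb_role_privs p
JOIN   v$containers c ON c.con_id = p.con_id
WHERE  p.granted_role = 'DBA'
AND    p.grantee LIKE 'C##%'
ORDER  BY p.grantee, c.con_id;
```

A row for CDB$ROOT with GRANTED_COMMONLY = 'NO' and no matching row for a PDB corresponds to the ORA-01045 logon failures seen in the session.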

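1.4 Object management test

In the object management test, we briefly check how a common account's data objects differ between the CDB and a PDB.

1. Create an object in the CDB and look for it in the PDB:

SQL> conn c##cdb/cdb
Connected.
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> create table cdb as select * from dba_users;

Table created.

SQL> commit;

Commit complete.

SQL>

As can be seen, objects created by a common account in the CDB are not visible in the PDB.

2. Create an object as the common account in the PDB and look for it in the CDB:

SQL> show con_name

CON_NAME
------------------------------
PDBA
SQL> show user
USER is "C##CDB"
SQL> select object_name from user_objects;

no rows selected

SQL> create table cdb as select * from dba_users;

Table created.

As can be seen, objects that a common account creates in the PDB are not visible in the CDB. We also notice one detail: the same common account carries a different meaning in the CDB and in the PDB, so an object created in the CDB and an object created in the PDB can have the same name, and vice versa.

Conclusions:

1. If a user or role already exists in a PDB, an account or role with the same name cannot be created in the CDB.

2. Likewise, once an account has been created in the CDB, an account with the same name cannot exist in a PDB, because accounts in the CDB are valid for all PDBs.

3. An account created in the CDB appears in all PDBs, but privileges granted in the CDB are not passed on to the PDBs unless this is explicitly specified.

4. Objects that a common account creates in the PDB are not visible in the CDB. The same common account carries a different meaning in the CDB and in the PDB, so an object created in the CDB and an object created in the PDB can have the same name, and vice versa.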

