Oracle 12C 之 CDB/PDB用户的建立与对象管理

时间  2019-11-08
标签 oracle 12c cdb pdb 用户 建立 对象 管理 栏目 Oracle 繁體版
原文   原文链接

 

在Oracle 12C中,帐号分为两种,一种是公用帐号,一种是本地帐号(亦可理解为私有帐号)。共有帐号是指在CDB下建立,并在所有PDB中生效的帐号,另外一种是在PDB中建立的帐号。c#

针对这两种帐号的测试以下:session

1.1 在PDB中建立测试帐号

 

SQL> alter session set container=pdb01;app

 

Session altered.ide

 

SQL> select username from dba_users where username like 'GUI%';测试

 

no rows selectedui

 

SQL> CREATE USER TEST IDENTIFIED BY test;spa

 

User created.对象

 

SQL> grant dba to test;ci

 

Grant succeeded.it

 

SQL> show con_name

 

CON_NAME

------------------------------

PDB01

SQL> conn /as sysdba

Connected.

SQL> create user test identified by test;

create user test identified by test

            *

ERROR at line 1:

ORA-65096: invalid common user or role name

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

结论:

若是在PDB中已经存在一个用户或者角色,则在CDB中不能建立相同的帐号或者角色名。

1.2 在CDB中建立测试帐号

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

SQL> create user C##GUIJIAN IDENTIFIED BY guijian;   ------注意CDB中建立用户必定要带上c##

User created.

SQL> create user c#gui identified by gui;

create user c#gui identified by gui

            *

ERROR at line 1:

ORA-65096: invalid common user or role name

 

SQL> select username from dba_users where username like '%GUI%';

 

USERNAME

--------------------------------------------------------------------------------

C##GUIJIAN

 

SQL> ALTER SESSION SET CONTAINER=PDB01;

 

Session altered.

 

SQL> select username from dba_users where username like '%GUI%';

 

USERNAME

--------------------------------------------------------------------------------

C##GUIJIAN

 

SQL> create user guijian identified by guijian;

 

User created.

一样在CDB中建立帐号后不能在PDB中出现同名的帐号,因CDB中的帐号对全部的PDB都是有效的。

SQL> create user c##guijian identified by guijian;

create user c##guijian identified by guijian

            *

ERROR at line 1:

ORA-65094: invalid local user or role name

SQL> alter session set container=pdba;

 

Session altered.

 

SQL> show user

USER is "SYS"

SQL> alter user sys identified by sys;

alter user sys identified by sys

*

ERROR at line 1:

ORA-65066: The specified changes must apply to all containers

 

SQL> show con_name

 

CON_NAME

------------------------------

PDBA

 

SQL> conn /as sysdba

Connected.

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

SQL> alter user sys identified by sys;

 

User altered.

 

SQL>

 

1.3 CDB下建立帐号的权限问题

SQL> conn / as sysdba

Connected.

SQL> grant connect,create session to c##cdb;

 

Grant succeeded.

 

SQL> conn c##cdb/cdb@pdba

ERROR:

ORA-01045: user C##CDB lacks CREATE SESSION privilege; logon denied

 

 

Warning: You are no longer connected to ORACLE.

SQL> a

SP2-0004: Nothing to append.

SQL> conn / as sysdba

Connected.

SQL> alter session set container=pdba;

 

Session altered.

 

SQL> grant resource,connect to c##cdb;

 

Grant succeeded.

 

SQL> conn  /as sysdba

Connected.

SQL> conn c##cdb/cdb@pdba

Connected.

SQL>

SQL> conn / as sysdba

Connected.

SQL> create user guijian identified by guijian container=current;

create user guijian identified by guijian container=current

                                  *

ERROR at line 1:

ORA-65049: creation of local user or role is not allowed in CDB$ROOT

 

 

SQL> create user c##guijian identified by guijian container=current;

create user c##guijian identified by guijian container=current

            *

ERROR at line 1:

ORA-65094: invalid local user or role name

 

 

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

SQL> create user c##guijian identified by guijian container=all;

 

User created.

 

SQL> create user c##guijian01 identified by guijian;

 

User created.

 

SQL> conn  /as sysdba

Connected.

SQL> show con_name            

 

CON_NAME

------------------------------

CDB$ROOT

SQL> grant dba to c##guijian01;

 

Grant succeeded.

 

SQL> conn c##guijian01/guijian@pdba

ERROR:

ORA-01045: user C##GUIJIAN01 lacks CREATE SESSION privilege; logon denied

 

 

Warning: You are no longer connected to ORACLE.

SQL> conn  /as sysdba

Connected.

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

SQL> grant dba to c##guijian01 container=all;

 

Grant succeeded.

 

SQL> conn c##guijian01/guijian@pdba

Connected.

1.4 对象管理测试

对象管理测试中,咱们简单测试在共有帐号的数据对象的CDB和PDB下的不一样。

一、在CDB下建立对象,在PDB下查看:

SQL> conn c##cdb/cdb

Connected.

SQL> show con_name

 

CON_NAME

------------------------------

CDB$ROOT

SQL> create table cdb as select * from dba_users;

 

Table created.

 

SQL> commit;

 

Commit complete.

 

SQL>

能够看到,在CDB下的共有帐号建立的对象在PDB下是看不到的。

二、在PDB下的共有帐号建立对象,在CDB下查看:

SQL> show con_name

 

CON_NAME

------------------------------

PDBA

SQL> show user

USER is "C##CDB"

SQL> select object_name from user_objects;

 

no rows selected

 

SQL> create table cdb as select * from dba_users;

 

Table created.

能够看出,针对同一个共有帐号在PDB下建立的帐号在CDB是看不到的,此外咱们还注意到一个细节,针对同一个共有帐号,在PDB和CDB下建立的共有帐号因在CDB和PDB下被赋予了不一样的含义,故在CDB下建立的对象和在PDB下建立的对象是能够同名的,反之也成立。

结论:

一、 若是在PDB中已经存在一个用户或者角色,则在CDB中不能建立相同的帐号或者角色名。

二、 一样在CDB中建立帐号后不能在PDB中出现同名的帐号,因CDB中的帐号对全部的PDB都是有效的。

三、 在CDB中建立的帐号将会在所有的PDB中出现,可是在CDB中的受权,如非特别指定的话,并不能传递到PDB中。

四、 针对同一个共有帐号在PDB下建立的帐号在CDB是看不到的。针对同一个共有帐号,在PDB和CDB下建立的共有帐号因在CDB和PDB下被赋予了不一样的含义,故在CDB下建立的对象和在PDB下建立的对象是能够同名的,反之也成立。

相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程