转 Oracle 12C 之 CDB/PDB用户的创建与对象管理
在Oracle 12C中,账号分为两种,一种是公用账号,一种是本地账号(亦可理解为私有账号)。共有账号是指在CDB下创建,并在全部PDB中生效的账号,另一种是在PDB中创建的账号。
针对这两种账号的测试如下:
1.1 在PDB中创建测试账号
SQL> alter session set container=pdb01;
Session altered.
SQL> select username from dba_users where username like 'GUI%';
no rows selected
SQL> CREATE USER TEST IDENTIFIED BY test;
User created.
SQL> grant dba to test;
Grant succeeded.
SQL> show con_name
CON_NAME
------------------------------
PDB01
SQL> conn /as sysdba
Connected.
SQL> create user test identified by test;
create user test identified by test
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
结论:
如果在PDB中已经存在一个用户或者角色,则在CDB中不能创建相同的账号或者角色名。
1.2 在CDB中创建测试账号
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user C##GUIJIAN IDENTIFIED BY guijian; ------注意CDB中创建用户一定要带上c##
User created.
SQL> create user c#gui identified by gui;
create user c#gui identified by gui
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL> select username from dba_users where username like '%GUI%';
USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN
SQL> ALTER SESSION SET CONTAINER=PDB01;
Session altered.
SQL> select username from dba_users where username like '%GUI%';
USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN
SQL> create user guijian identified by guijian;
User created.
同样在CDB中创建账号后不能在PDB中出现同名的账号,因CDB中的账号对所有的PDB都是有效的。
SQL> create user c##guijian identified by guijian;
create user c##guijian identified by guijian
*
ERROR at line 1:
ORA-65094: invalid local user or role name
SQL> alter session set container=pdba;
Session altered.
SQL> show user
USER is "SYS"
SQL> alter user sys identified by sys;
alter user sys identified by sys
*
ERROR at line 1:
ORA-65066: The specified changes must apply to all containers
SQL> show con_name
CON_NAME
------------------------------
PDBA
SQL> conn /as sysdba
Connected.
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> alter user sys identified by sys;
User altered.
SQL>
1.3 CDB下创建账号的权限问题
SQL> conn / as sysdba
Connected.
SQL> grant connect,create session to c##cdb;
Grant succeeded.
SQL> conn c##cdb/cdb@pdba
ERROR:
ORA-01045: user C##CDB lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> a
SP2-0004: Nothing to append.
SQL> conn / as sysdba
Connected.
SQL> alter session set container=pdba;
Session altered.
SQL> grant resource,connect to c##cdb;
Grant succeeded.
SQL> conn /as sysdba
Connected.
SQL> conn c##cdb/cdb@pdba
Connected.
SQL>
SQL> conn / as sysdba
Connected.
SQL> create user guijian identified by guijian container=current;
create user guijian identified by guijian container=current
*
ERROR at line 1:
ORA-65049: creation of local user or role is not allowed in CDB$ROOT
SQL> create user c##guijian identified by guijian container=current;
create user c##guijian identified by guijian container=current
*
ERROR at line 1:
ORA-65094: invalid local user or role name
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##guijian identified by guijian container=all;
User created.
SQL> create user c##guijian01 identified by guijian;
User created.
SQL> conn /as sysdba
Connected.
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01;
Grant succeeded.
SQL> conn c##guijian01/guijian@pdba
ERROR:
ORA-01045: user C##GUIJIAN01 lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn /as sysdba
Connected.
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01 container=all;
Grant succeeded.
SQL> conn c##guijian01/guijian@pdba
Connected.
1.4 对象管理测试
对象管理测试中,我们简单测试在共有账号的数据对象的CDB和PDB下的不同。
1、在CDB下创建对象,在PDB下查看:
SQL> conn c##cdb/cdb
Connected.
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create table cdb as select * from dba_users;
Table created.
SQL> commit;
Commit complete.
SQL>
可以看到,在CDB下的共有账号创建的对象在PDB下是看不到的。
2、在PDB下的共有账号创建对象,在CDB下查看:
SQL> show con_name
CON_NAME
------------------------------
PDBA
SQL> show user
USER is "C##CDB"
SQL> select object_name from user_objects;
no rows selected
SQL> create table cdb as select * from dba_users;
Table created.
可以看出,针对同一个共有账号在PDB下创建的账号在CDB是看不到的,此外我们还注意到一个细节,针对同一个共有账号,在PDB和CDB下创建的共有账号因在CDB和PDB下被赋予了不同的含义,故在CDB下创建的对象和在PDB下创建的对象是可以同名的,反之也成立。
结论:
1、 如果在PDB中已经存在一个用户或者角色,则在CDB中不能创建相同的账号或者角色名。
2、 同样在CDB中创建账号后不能在PDB中出现同名的账号,因CDB中的账号对所有的PDB都是有效的。
3、 在CDB中创建的账号将会在全部的PDB中出现,但是在CDB中的授权,如非特别指定的话,并不能传递到PDB中。
4、 针对同一个共有账号在PDB下创建的账号在CDB是看不到的。针对同一个共有账号,在PDB和CDB下创建的共有账号因在CDB和PDB下被赋予了不同的含义,故在CDB下创建的对象和在PDB下创建的对象是可以同名的,反之也成立。
最新文章
- Google Maps API V3 之 路线服务
- BSBuDeJie_03
- go语言 类型:布尔类型
- 生成中文版JavaDoc
- urllib2中自定义opener
- mysql数据库备份执行计划
- Robotium API -- click/clickLong操作
- 强算KMeans聚类算法演示器
- web前端-雅虎34条规则优化
- maven打包配置
- 深入理解Java内部类
- BAT脚本实例
- Omi框架学习之旅 - 插件机制之omi-transform及原理说明
- Java知多少(59)创建多线程
- mfc CImageList和CListCtrl
- Android开发简历书写的各个要点
- JDeveloper 开发环境配置
- Postgres间隔大量写IO的解决办法
- Aop检查Session,全局过滤器和No全局过滤器
- c#ArrayList 对象集合 按某字段(属性)排序