--官方文档 连接PDB
Connecting as Target to a PDB
To connect as target to a PDB, you must:
Connect with a net service name that resolves to a database service for that PDB.
Connect as a local user or common user with the SYSDBA privilege.
Example 4-19 illustrates a connection to a PDB. It assumes the following
You want to perform RMAN operations on a PDB named hrpdb.
The net service name hrpdb resolves to a database service for the hrpdb PDB.
The local user hrbkup was created in the hrpdb PDB and granted the SYSDBA privilege.
Example 4-19 Connecting As Target to a PDB
rman target hrbkup@hrpdb
target database Password: password
connected to target database: CDB (DBID=659628168)
--实际操作过程
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
3 PDBCNDBA READ WRITE NO
SQL> grant dba to test;
Grant succeeded.
[oracle@dg1 ~]$ rman target test@pdbcndba
Recovery Manager: Release 12.2.0.1.0 - Production on Wed Aug 2 20:40:50 2017
Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.
target database Password:
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-01017: invalid username/password; logon denied
--已经按照官方文档,tnsname.ora 已经添加PDb service
pdbcndba =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dg1)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = pdbcndba)
)
)
--test 已经赋予dbs 权限
在sqlplus 可以连接pdb
SQL> conn test/test@pdbcndba
Connected.
SQL>
于是尝试使用sys 进行rman 连接,连接成功
[oracle@dg1 ~]$ rman target sys@pdbcndba
Recovery Manager: Release 12.2.0.1.0 - Production on Wed Aug 2 20:46:50 2017
Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.
target database Password:
connected to target database: CNDBA:PDBCNDBA (DBID=2565515280)
再次查看官方文档,granted the SYSDBA privilege。原来是赋值权限有问题,再次赋权限,连接成功。
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
3 PDBCNDBA READ WRITE NO
SQL> grant sysdba to test;
Grant succeeded.
[oracle@dg1 ~]$ rman target test@pdbcndba
Recovery Manager: Release 12.2.0.1.0 - Production on Wed Aug 2 20:42:04 2017
Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.
target database Password:
connected to target database: CNDBA:PDBCNDBA (DBID=2565515280)
附件:
DBA:在Oracle数据库里面其实只是一个角色(role)。那么什么是角色呢?可以简单的认为一个角色就是某些个权限的集合体,也就是说把多个系统权限(system privilege),对象权限(object privilege)以及角色(role)揉和在一起,然后赋给一个角色。说白了,Oracle引入角色的概念,其实是为了避免相关的系统权限和对象权限的赋予和回收的复杂性。把一堆系统权限和对象权限以及角色打包之后赋给某个新角色,然后再对这个新角色进行必要的操作就显得相当便捷和方便了。当然,在Oracle里面一个角色是可以赋给另外一个角色的,但是角色的赋给是不能够构成循环回路的。eg:先把role1给role2,然后把role2给role3,那么你就不可以再把role3给role1了。这是Oracle不允许的,其实你也不可以成功执行这样的包含回路角色的授权的!
SYSDBA:说白了就是一种系统权限。当我们在SQL*PLUS命令行上执行了类似如下的操作:
SQL>conn / as sysdba;这时候,其实我们是以SYSDBA这个身份去登陆数据库的有以下权限。
■ Perform STARTUP and SHUTDOWN operations
■ ALTER DATABASE: open, mount, back up, or change character set
■ CREATE DATABASE
■ DROP DATABASE
■ CREATE SPFILE
■ ALTER DATABASE ARCHIVELOG
■ ALTER DATABASE RECOVER
■ Includes the RESTRICTED SESSION privilege