官方文档:http://docs.oracle.com/database/121/ADMQS/users_secure.htm#ADMQS12486
About Commonality in a CDB
In a multitenant container database (CDB), the basic principle of commonality is that a common phenomenon is the same in every existing and future container.
In a CDB, "common" means "common to all containers." In contrast, a
local phenomenon is restricted to exactly one existing container.
A corollary to the principle of commonality is that only a common user can alter the existence of common phenomena.
More precisely, only a common user connected to the root can create,
destroy, or modify CDB-wide attributes of a common user or role.
Common Users in a CDB
A common user is a database user that has the same identity in the
root and in every existing and future PDB. Every common user can connect
to and perform operations within the root, and within any PDB in which
it has privileges.
Every common user is either Oracle-supplied or user-created. Examples of Oracle-supplied common users are SYS and SYSTEM.
Common users have the following characteristics:
A common user can log in to any container (including CDB$ROOT) in which it has the CREATE SESSION privilege.
A common user need not have the same privileges in every container. For example, the c##dba user may have the privilege to create a session in the root and in one
PDB, but not to create a session in a different PDB. Because a common
user with the appropriate privileges can switch between containers, a
common user in the root can administer PDBs.
The name of every user-created common user must begin with the characters c## or C##. (Oracle-supplied common user names do not have this restriction.)
No local user name may begin with the characters c## or C##.
The names of common users must contain only ASCII or EBCDIC characters.
Every common user is uniquely named across all containers.
A common user resides in the root, but must be able to connect to every PDB with the same identity.
The schemas for a common user can differ in each container.
For example, if c##dba is a common user that has privileges on multiple containers, then the c##dba schema in each of these containers may contain different objects.
Local Users in a CDB
A local user is a user that is not common and that can operate only
within a single PDB. Local users have the following characteristics:
A local user is specific to a particular PDB and owns a schema in this PDB.
A local user cannot be created in the root.
A local user on one PDB cannot log in to another PDB or to the root.
The name of a local user cannot begin with the characters c## or C##.
The name of a local user must only be unique within its PDB.
The user name and the PDB in which that user schema is contained
determine a unique local user. For example, a local user and schema
named rep can exist on a PDB named hrpdb. A completely independent local user and schema named rep can exist on a PDB named salespdb.
Whether local users can access objects in a common schema depends on their user privileges.
For example, the c##dba common user may create a table in the c##dba schema on the hrpdb PDB. Unless c##dba grants the necessary privileges to the local hr user on this table, hr cannot access it.
608
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
