Oracle 18c 18.3 study notes, part 2: common user and local user
os: centos 7.4
db: oracle 18c(18.3)
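Starting with 12c, Oracle introduced the CDB and PDB, and with them users are divided into common users and local users. How should these two kinds of user be understood?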
common user
A user created in the CDB whose name begins with C## (or c##) is a common user; once created, a common user is propagated to every container.
local user
A user created in a PDB whose name does not begin with C## (or c##) is a local user; it exists only in the PDB it belongs to.
Creating a user in the pre-12c format
$ sqlplus / as sysdba;
SQL> show con_id
CON_ID
------------------------------
1
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL>
SQL> create user user1 identified by rootroot;
create user user1 identified by rootroot
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL>
That failed, so there is evidently a difference. Checking the Oracle documentation:
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C
The key description is as follows:
In a non-CDB, a user name cannot begin with C## or c##.
In a CDB, the requirements for a user name are as follows:
The name of a common user must begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. By default, the prefix is C##.
The name of a local user must not begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. Regardless of the value of COMMON_USER_PREFIX, the name of a local user can never begin with C## or c##.
So a CDB distinguishes between common users and local users, and the user name also depends on an initialization parameter:
SQL> show parameter COMMON_USER_PREFIX;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
common_user_prefix string C##
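So a common user name must begin with C## (or c##), and a local user name must not begin with C## (or c##).
Creating a common user
When creating a common user, the container must be the CDB; sqlplus connects to the CDB by default.
You can switch back to the CDB with alter session set container=CDB$ROOT;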
$ sqlplus / as sysdba;
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##peiyb identified by rootroot;
User created.
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;
USER_ID USERNAME CREATED PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
102 C##PEIYB 2018-11-23 19:45:32 DEFAULT
SQL> grant dba to c##peiyb container=all;
Grant succeeded.
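By default a grant applies only to the current container. In the CDB you can also specify container=all, which applies the grant in every open PDB where the user exists.
Creating a local user
When creating a local user, the container must be a PDB; you can enter a specific PDB with alter session set container=xxoo;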
$ sqlplus / as sysdba;
SQL> show con_name;
CON_NAME
------------------------------
CDB$ROOT
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDBPEIYB READ WRITE NO
SQL> alter session set container=pdbpeiyb;
Session altered.
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
SQL> create user peiyb identified by rootroot;
User created.
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;
USER_ID USERNAME CREATED PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
104 C##PEIYB 2018-11-23 19:45:32 DEFAULT
105 PEIYB 2018-11-23 19:54:26 DEFAULT
SQL> grant dba to peiyb;
Grant succeeded.
Note that the user_id returned for C##PEIYB differs between the two queries.
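A cross-container check for the accounts created above, covering both the container=all grant and the differing user_id values (an added example, not part of the original post). It assumes a SYSDBA session in CDB$ROOT and reuses the user names from this page.

```sql
-- Added example, not from the original post.
-- Run in CDB$ROOT as SYSDBA. When queried from the root, CDB_* views
-- only return rows for containers that are currently open.
-- Assumes the accounts created above: C##PEIYB (common) and PEIYB (local).

-- 1. Where does each account exist, and with which per-container USER_ID?
--    A common user shows one row per container; a local user shows one row.
select c.name as container, u.con_id, u.user_id, u.username, u.common
from   cdb_users u
join   v$containers c on c.con_id = u.con_id
where  u.username in ('C##PEIYB', 'PEIYB')
order  by u.username, u.con_id;

-- 2. Where does each account hold a role, and was the grant made commonly
--    (container=all, COMMON = YES) or only in one container (COMMON = NO)?
select c.name as container, p.grantee, p.granted_role,
       p.common, p.admin_option
from   cdb_role_privs p
join   v$containers c on c.con_id = p.con_id
where  p.grantee in ('C##PEIYB', 'PEIYB')
order  by p.grantee, p.con_id;

-- 3. Review list: user-created common accounts that hold DBA through a
--    common grant, i.e. DBA in every container they can reach.
select distinct p.grantee
from   cdb_role_privs p
join   cdb_users u
       on u.username = p.grantee and u.con_id = p.con_id
where  p.granted_role = 'DBA'
and    p.common = 'YES'
and    u.common = 'YES'
and    u.oracle_maintained = 'N'
order  by p.grantee;
```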
Connecting to the database as a common user
$ lsnrctl status
LSNRCTL for Linux: Version 18.0.0.0.0 - Production on 23-NOV-2018 20:10:48
Copyright (c) 1991, 2018, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=18c3node1)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 18.0.0.0.0 - Production
Start Date 23-NOV-2018 10:46:22
Uptime 0 days 9 hr. 24 min. 25 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/18.3.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/18c3node1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=18c3node1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=18c3node1)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "64a52f53a7683286e053cda9e80aed76" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "7b3df131086d5813e0536538a8c08359" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "pdbpeiyb" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
Because a common user is propagated to every container, it can log in to any container.
$ sqlplus c##peiyb/[email protected]:1521/orcl
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:53:48 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL>
SQL>
SQL> show con_name;
CON_NAME
------------------------------
CDB$ROOT
$ sqlplus c##peiyb/[email protected]:1521/pdbpeiyb
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:54:28 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Last Successful login time: Fri Nov 23 2018 20:53:48 +08:00
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
Connecting to the database as a local user
$ sqlplus peiyb/[email protected]:1521/pdbpeiyb
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:15:49 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
SQL> select SYS_CONTEXT('USERENV','CURRENT_USERID'),SYS_CONTEXT('USERENV','SESSION_USERID') from dual;
SYS_CONTEXT('USERENV','CURRENT_USERID') SYS_CONTEXT('USERENV','SESSION_USERID')
---------------------------------------- ----------------------------------------
105 105
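Each PDB is an independent unit with its own users (local users), tablespaces and data files. A local user can only access its own PDB, whereas a common user with sufficient privileges can access any PDB.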