Oracle 18c (18.3) Study Notes, Part 2: common user and local user

os: centos 7.4
db: oracle 18c(18.3)

Oracle 12c introduced the CDB and PDB, and with them two kinds of users: common users and local users. How should these two kinds of users be understood?

common user
A user created in the CDB whose name begins with C## (or c##) is a common user. Once created, a common user is propagated to every container.

local user
A user created in a PDB whose name does not begin with C## (or c##) is a local user. It exists only in the PDB it belongs to.

Creating a user the pre-12c way

$ sqlplus / as sysdba;

SQL> show con_id

CON_ID
------------------------------
1
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> 
SQL> create user user1 identified by rootroot;
create user user1 identified by rootroot
            *
ERROR at line 1:
ORA-65096: invalid common user or role name


SQL>

It fails, so there is a difference after all. Check the Oracle documentation:
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C

The key passage reads:
In a non-CDB, a user name cannot begin with C## or c##.

In a CDB, the requirements for a user name are as follows:

The name of a common user must begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. By default, the prefix is C##.

The name of a local user must not begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. Regardless of the value of COMMON_USER_PREFIX, the name of a local user can never begin with C## or c##.

So a CDB distinguishes between common users and local users, and the allowed user name also depends on an initialization parameter:

SQL> show parameter COMMON_USER_PREFIX;

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
common_user_prefix		     string	 C##

So, with the default prefix shown above, a common user name must begin with C## (or c##), and a local user name must not begin with C## (or c##).

Creating a common user

To create a common user, the current container must be the CDB. A default sqlplus connection lands in the CDB.
You can switch back to the CDB with alter session set container=CDB$ROOT;

$ sqlplus / as sysdba;

SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##peiyb identified by rootroot;

User created.

SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%' order by username;

   USER_ID USERNAME															    CREATED		PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
       102 C##PEIYB															    2018-11-23 19:45:32 DEFAULT

SQL> grant dba to c##peiyb container=all;

Grant succeeded.

By default a grant applies only to the current container. In the CDB you can also specify container=all, which applies the grant in every open PDB in which the user exists.
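
Added example (not part of the original post): run from CDB$ROOT as SYS, the first query shows in which containers a user-created account holds DBA and whether the grant was made commonly; the statements after it are a narrower alternative to the grant above that scopes DBA to a single PDB. It assumes the standard CDB_ROLE_PRIVS, CDB_USERS and V$CONTAINERS views and reuses the c##peiyb and pdbpeiyb names from this page.

```sql
-- Added example, not from the original post. Run from CDB$ROOT as SYS.
-- CDB_* views only return rows for containers that are currently open.

-- 1. Where is DBA held, and was it granted commonly?
--    COMMON = 'YES' means the grant was made with container=all.
select c.name          as container,
       p.grantee,
       p.granted_role,
       p.common,
       p.admin_option
from   cdb_role_privs p
join   v$containers   c on c.con_id   = p.con_id
join   cdb_users      u on u.username = p.grantee
                       and u.con_id   = p.con_id
where  p.granted_role      = 'DBA'
and    u.oracle_maintained = 'N'      -- skip SYS, SYSTEM and other built-ins
order  by c.con_id, p.grantee;

-- 2. Narrower alternative to "grant dba to c##peiyb container=all":
--    a common grant has to be revoked commonly.
revoke dba from c##peiyb container=all;

-- Let the account log in to every container, nothing more.
grant create session to c##peiyb container=all;

-- Grant DBA locally, only inside the PDB that needs it.
alter session set container=pdbpeiyb;
grant dba to c##peiyb;                -- local grant in the current PDB
alter session set container=CDB$ROOT;
```

Re-running the first query afterwards should list C##PEIYB with DBA only under PDBPEIYB and with COMMON = 'NO'.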

Creating a local user

To create a local user, the current container must be a PDB. Use alter session set container=xxoo; to enter the target PDB (xxoo stands for the PDB name).

$ sqlplus / as sysdba;

SQL> show con_name;

CON_NAME
------------------------------
CDB$ROOT
SQL> show pdbs;

    CON_ID CON_NAME			  OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
	 2 PDB$SEED			  READ ONLY  NO
	 3 PDBPEIYB			  READ WRITE NO
SQL> alter session set container=pdbpeiyb;

Session altered.

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB
SQL> create user peiyb identified by rootroot;

User created.	 
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;

   USER_ID USERNAME															    CREATED		PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
       104 C##PEIYB															    2018-11-23 19:45:32 DEFAULT
       105 PEIYB															    2018-11-23 19:54:26 DEFAULT

SQL> grant dba to peiyb;

Grant succeeded.

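Note that the user_id shown for C##PEIYB differs between the two queries: 102 in CDB$ROOT and 104 in PDBPEIYB. dba_users reports only the current container, and a common user has its own entry, with its own user_id, in each container.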

Connecting to the database as a common user

$ lsnrctl status

LSNRCTL for Linux: Version 18.0.0.0.0 - Production on 23-NOV-2018 20:10:48

Copyright (c) 1991, 2018, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=18c3node1)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 18.0.0.0.0 - Production
Start Date                23-NOV-2018 10:46:22
Uptime                    0 days 9 hr. 24 min. 25 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/18.3.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/18c3node1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=18c3node1)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=18c3node1)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "64a52f53a7683286e053cda9e80aed76" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "7b3df131086d5813e0536538a8c08359" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "pdbpeiyb" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

Because a common user is propagated to every container, it can log in to any of them:

$ sqlplus c##peiyb/[email protected]:1521/orcl

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:53:48 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.


Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> 
SQL> 
SQL> show con_name;

CON_NAME
------------------------------
CDB$ROOT
$ sqlplus c##peiyb/[email protected]:1521/pdbpeiyb

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:54:28 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.

Last Successful login time: Fri Nov 23 2018 20:53:48 +08:00

Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB

Connecting to the database as a local user

$ sqlplus peiyb/[email protected]:1521/pdbpeiyb

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:15:49 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.


Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB

SQL> select SYS_CONTEXT('USERENV','CURRENT_USERID'),SYS_CONTEXT('USERENV','SESSION_USERID') from dual;

SYS_CONTEXT('USERENV','CURRENT_USERID')  SYS_CONTEXT('USERENV','SESSION_USERID')
---------------------------------------- ----------------------------------------
105                                      105


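Each PDB is an independent unit with its own users (local users), tablespaces and data files. A local user can access only its own PDB, whereas a common user with sufficient privileges can access any PDB.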
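
Added example (not part of the original post): an account inventory run from CDB$ROOT that lists every user-created account per container, whether it is common or local, its per-container user_id, and whether it can open a session there. It assumes the standard CDB_USERS, CDB_SYS_PRIVS, CDB_ROLE_PRIVS and V$CONTAINERS views; the can_connect column is a name chosen for this example.

```sql
-- Added example, not from the original post. Run from CDB$ROOT as SYS.
-- A common user appears once per container (with a different USER_ID in
-- each); a local user appears only in its own PDB.
-- can_connect checks CREATE SESSION granted directly or through a role
-- granted directly to the user. Deeper role nesting and grants to PUBLIC
-- are not followed here.
select c.name            as container,
       u.username,
       u.user_id,
       u.common,
       u.account_status,
       case
         when exists (
                select 1
                from   cdb_sys_privs s
                where  s.con_id    = u.con_id
                and    s.privilege = 'CREATE SESSION'
                and   (s.grantee = u.username
                       or s.grantee in (
                            select r.granted_role
                            from   cdb_role_privs r
                            where  r.con_id  = u.con_id
                            and    r.grantee = u.username)))
         then 'YES'
         else 'NO'
       end               as can_connect
from   cdb_users    u
join   v$containers c on c.con_id = u.con_id
where  u.oracle_maintained = 'N'      -- skip SYS, SYSTEM and other built-ins
order  by u.username, u.con_id;
```

A common account showing can_connect = 'YES' in containers where it has no business is the row to review first.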

Reference:
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C