oracle12C 创建用户学习
Oracle 12C中,账号分为两种,一种是公用账号,一种是本地账号(亦可理解为私有账号)。共有账号是指在CDB下创建,并在全部PDB中生效的账号,另一种是在PDB中创建的账号。
针对这两种账号的测试如下:
1.1 在PDB中创建测试账号
SQL> alter session set container=pdb01;
SQL> select username from dba_users where username like 'GUI%';
SQL> CREATE USER TEST IDENTIFIED BY test;
SQL> grant dba to test;
SQL> show con_name
CON_NAME
------------------------------
PDB01
SQL> conn /as sysdba
Connected.
SQL> create user test identified by test;
create user test identified by test
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
结论:
如果在PDB中已经存在一个用户或者角色,则在CDB中不能创建相同的账号或者角色名。
1.2 在CDB中创建测试账号
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user C##GUIJIAN IDENTIFIED BY guijian; ------注意CDB中创建用户一定要带上c##
SQL> create user c#gui identified by gui;
create user c#gui identified by gui
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL> select username from dba_users where username like '%GUI%';
USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN
SQL> ALTER SESSION SET CONTAINER=PDB01;
SQL> select username from dba_users where username like '%GUI%';
USERNAME
--------------------------------------------------------------------------------
C##GUIJIAN
SQL> create user guijian identified by guijian;
同样在CDB中创建账号后不能在PDB中出现同名的账号,因CDB中的账号对所有的PDB都是有效的。
SQL> create user c##guijian identified by guijian;
create user c##guijian identified by guijian
*
ERROR at line 1:
ORA-65094: invalid local user or role name
SQL> alter session set container=pdba;
Session altered.
SQL> show user
USER is "SYS"
SQL> alter user sys identified by sys;
alter user sys identified by sys
*
ERROR at line 1:
ORA-65066: The specified changes must apply to all containers
SQL> show con_name
CON_NAME
------------------------------
PDBA
SQL> conn /as sysdba
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> alter user sys identified by sys;
1.3 CDB下创建账号的权限问题
SQL> conn / as sysdba
SQL> grant connect,create session to c##cdb;
SQL> conn c##cdb/cdb@pdba
ERROR:
ORA-01045: user C##CDB lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> a
SP2-0004: Nothing to append.
SQL> conn / as sysdba
Connected.
SQL> alter session set container=pdba;
SQL> grant resource,connect to c##cdb;
SQL> conn /as sysdba
SQL> conn c##cdb/cdb@pdba
SQL> conn / as sysdba
SQL> create user guijian identified by guijian container=current;
create user guijian identified by guijian container=current
*
ERROR at line 1:
ORA-65049: creation of local user or role is not allowed in CDB$ROOT
SQL> create user c##guijian identified by guijian container=current;
create user c##guijian identified by guijian container=current
*
ERROR at line 1:
ORA-65094: invalid local user or role name
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##guijian identified by guijian container=all;
SQL> create user c##guijian01 identified by guijian;
SQL> conn /as sysdba
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01;
SQL> conn c##guijian01/guijian@pdba
ERROR:
ORA-01045: user C##GUIJIAN01 lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn /as sysdba
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> grant dba to c##guijian01 container=all;
SQL> conn c##guijian01/guijian@pdba
1.4 对象管理测试
对象管理测试中,我们简单测试在共有账号的数据对象的CDB和PDB下的不同。
1、在CDB下创建对象,在PDB下查看:
SQL> conn c##cdb/cdb
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create table cdb as select * from dba_users;
SQL> commit;
可以看到,在CDB下的共有账号创建的对象在PDB下是看不到的。
2、在PDB下的共有账号创建对象,在CDB下查看:
SQL> show con_name
CON_NAME
------------------------------
PDBA
SQL> show user
USER is "C##CDB"
SQL> select object_name from user_objects;
SQL> create table cdb as select * from dba_users;
可以看出,针对同一个共有账号在PDB下创建的账号在CDB是看不到的,此外我们还注意到一个细节,针对同一个共有账号,在PDB和CDB下创建的共有账号因在CDB和PDB下被赋予了不同的含义,故在CDB下创建的对象和在PDB下创建的对象是可以同名的,反之也成立。
结论:
1、 如果在PDB中已经存在一个用户或者角色,则在CDB中不能创建相同的账号或者角色名。
2、 同样在CDB中创建账号后不能在PDB中出现同名的账号,因CDB中的账号对所有的PDB都是有效的。
3、 在CDB中创建的账号将会在全部的PDB中出现,但是在CDB中的授权,如非特别指定的话,并不能传递到PDB中。
4、 针对同一个共有账号在PDB下创建的账号在CDB是看不到的。针对同一个共有账号,在PDB和CDB下创建的共有账号因在CDB和PDB下被赋予了不同的含义,故在 CDB下创建的对象和在PDB下创建的对象是可以同名的,反之也成立。
下一篇:DB2数据库在线备份还原笔记