os: centos 7.4
db: oracle 18c(18.3)
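Starting with 12c, Oracle introduced the CDB and PDB, so users are likewise split into common users and local users. How should these two kinds of user be understood?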
common user
A user created in the CDB whose name begins with C## (or c##) is a common user. A common user, once created, is propagated to every container.
local user
A user created in a PDB whose name does not begin with C## (or c##) is a local user. It exists only in the PDB it belongs to.
Creating a user in the pre-12c format
$ sqlplus / as sysdba;
SQL> show con_id
CON_ID
------------------------------
1
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL>
SQL> create user user1 identified by rootroot;
create user user1 identified by rootroot
*
ERROR at line 1:
ORA-65096: invalid common user or role name
SQL>
That failed, so there is a difference after all. Check the Oracle documentation:
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C
The key description is as follows:
In a non-CDB, a user name cannot begin with C## or c##.
In a CDB, the requirements for a user name are as follows:
The name of a common user must begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. By default, the prefix is C##.
The name of a local user must not begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. Regardless of the value of COMMON_USER_PREFIX, the name of a local user can never begin with C## or c##.
So a CDB distinguishes between common users and local users, and the user name also depends on a parameter:
SQL> show parameter COMMON_USER_PREFIX;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
common_user_prefix string C##
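So a common user name must begin with C## (or c##), and a local user name must not begin with C## (or c##).
Creating a common user
When creating a common user, the current container must be the CDB; sqlplus connects to the CDB by default.
You can switch back to the CDB with alter session set container=CDB$ROOT;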
$ sqlplus / as sysdba;
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##peiyb identified by rootroot;
User created.
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;
USER_ID USERNAME CREATED PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
102 C##PEIYB 2018-11-23 19:45:32 DEFAULT
SQL> grant dba to c##peiyb container=all;
Grant succeeded.
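By default a grant applies only to the current container. In the CDB you can also specify container=all, which applies the grant in every open PDB in which the user exists.
Creating a local user
When creating a local user, the current container must be a PDB; you can enter a specific PDB with alter session set container=xxoo;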
$ sqlplus / as sysdba;
SQL> show con_name;
CON_NAME
------------------------------
CDB$ROOT
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDBPEIYB READ WRITE NO
SQL> alter session set container=pdbpeiyb;
Session altered.
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
SQL> create user peiyb identified by rootroot;
User created.
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;
USER_ID USERNAME CREATED PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
104 C##PEIYB 2018-11-23 19:45:32 DEFAULT
105 PEIYB 2018-11-23 19:54:26 DEFAULT
SQL> grant dba to peiyb;
Grant succeeded.
Note that the user_id shown for C##PEIYB differs between the two queries.
Connecting to the database as a common user
$ lsnrctl status
LSNRCTL for Linux: Version 18.0.0.0.0 - Production on 23-NOV-2018 20:10:48
Copyright (c) 1991, 2018, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=18c3node1)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 18.0.0.0.0 - Production
Start Date 23-NOV-2018 10:46:22
Uptime 0 days 9 hr. 24 min. 25 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/18.3.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/18c3node1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=18c3node1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=18c3node1)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "64a52f53a7683286e053cda9e80aed76" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "7b3df131086d5813e0536538a8c08359" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "pdbpeiyb" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
Because a common user is propagated to every container, it can log in to any container.
$ sqlplus c##peiyb/[email protected]:1521/orcl
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:53:48 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL>
SQL>
SQL> show con_name;
CON_NAME
------------------------------
CDB$ROOT
$ sqlplus c##peiyb/[email protected]:1521/pdbpeiyb
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:54:28 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Last Successful login time: Fri Nov 23 2018 20:53:48 +08:00
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
Connecting to the database as a local user
$ sqlplus peiyb/[email protected]:1521/pdbpeiyb
SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:15:49 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
SQL> show con_name;
CON_NAME
------------------------------
PDBPEIYB
SQL> select SYS_CONTEXT('USERENV','CURRENT_USERID'),SYS_CONTEXT('USERENV','SESSION_USERID') from dual;
SYS_CONTEXT('USERENV','CURRENT_USERID') SYS_CONTEXT('USERENV','SESSION_USERID')
---------------------------------------- ----------------------------------------
105 105
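Each PDB is an independent unit with its own users (local users), tablespaces and data files. A local user can access only its own PDB, whereas a common user with sufficient privileges can access any PDB.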
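The queries below are an added example, not part of the original post. Run from CDB$ROOT as a privileged user, they show in which containers each account exists (with its per-container user_id) and where the DBA role is held, including whether it was granted with container=all. They assume the standard CDB_USERS, CDB_ROLE_PRIVS and V$CONTAINERS views available in 12c and later.

```sql
-- Added example (not from the original post).
-- Run from CDB$ROOT: the CDB_* views then return rows for the root
-- and for every open PDB, tagged with CON_ID.

-- 1. Where does each account exist, and is it common or local?
--    A common user appears once per container, with its own USER_ID in each;
--    a local user appears only in the PDB where it was created.
SELECT c.name AS container,
       u.con_id,
       u.user_id,
       u.username,
       u.common
FROM   cdb_users u
       JOIN v$containers c ON c.con_id = u.con_id
WHERE  u.oracle_maintained = 'N'   -- skip SYS, SYSTEM and other built-in accounts
ORDER  BY u.username, u.con_id;

-- 2. Who holds the DBA role, in which container, and how was it granted?
--    COMMON = 'YES' : granted commonly (container=all was used)
--    COMMON = 'NO'  : granted locally, valid in that container only
SELECT c.name AS container,
       p.grantee,
       p.granted_role,
       p.admin_option,
       p.common
FROM   cdb_role_privs p
       JOIN cdb_users u
         ON u.username = p.grantee
        AND u.con_id   = p.con_id
       JOIN v$containers c ON c.con_id = p.con_id
WHERE  p.granted_role = 'DBA'
AND    u.oracle_maintained = 'N'
ORDER  BY p.grantee, p.con_id;
```

A common user that shows DBA with COMMON = 'YES' has administrative rights in every PDB, so this listing is a quick review of which accounts cross the PDB isolation boundary.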