oracle 18c 18.3 学习之二 common user local user

版权声明：本文为博主原创文章，转载请标明出处。 https://blog.csdn.net/ctypyb2002/article/details/84446679

os: centos 7.4
db: oracle 18c(18.3)

12c开始引入了cdb，pdb，用户也自然有了 common user 和 local user ，怎么理解这两类用户了？

common user
在CDB中创建的以C##(或者c##)开头用户就是 common user，创建的 common user 会传递到每一个 container。

local user
在PDB中创建的不以C##(或者c##)开头用户就是 local user，只会存在于所属的 pdb。

按照12c之前的格式创建用户

$ sqlplus / as sysdba;

SQL> show con_id

CON_ID
------------------------------
1
SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> 
SQL> create user user1 identified by rootroot;
create user user1 identified by rootroot
            *
ERROR at line 1:
ORA-65096: invalid common user or role name


SQL>

出错了，看来还是有区别的。查看oracle doc
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C

关键描述如下：
In a non-CDB, a user name cannot begin with C## or c##.

In a CDB, the requirements for a user name are as follows:

The name of a common user must begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. By default, the prefix is C##.

The name of a local user must not begin with characters that are a case-insensitive match to the prefix specified by the COMMON_USER_PREFIX initialization parameter. Regardless of the value of COMMON_USER_PREFIX, the name of a local user can never begin with C## or c##.

看来 CDB 区分有了 common user 和 local user 的概念，用户名还与一个参数有关

SQL> show parameter COMMON_USER_PREFIX;

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
common_user_prefix		     string	 C##

看来 common user 必须以 C##(或者c##)开头，local user 不能以 C##(或者c##)开头。

创建 common user

创建 common user 时，container 必须为cdb，使用 sqlplus 默认连接的就是 cdb。
可以通过 alter session set container=CDB$ROOT; 切回到 cdb。

$ sqlplus / as sysdba;

SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT
SQL> create user c##peiyb identified by rootroot;

User created.

SQL> select username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;

   USER_ID USERNAME															    CREATED		PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
       102 C##PEIYB															    2018-11-23 19:45:32 DEFAULT

SQL> grant dba to c##peiyb container=all;

Grant succeeded.

用户授权默认情况下是只会给当前container,在cdb中也可以指定container=all,对所有open的pdb且存在该用户都进行授权

创建 local user

创建 local user 时，container 必须为pdb，可以通过 alter session set container=xxoo; 进入指定的pdb。

$ sqlplus / as sysdba;

SQL> show con_name;

CON_NAME
------------------------------
CDB$ROOT
SQL> show pdbs;

    CON_ID CON_NAME			  OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
	 2 PDB$SEED			  READ ONLY  NO
	 3 PDBPEIYB			  READ WRITE NO
SQL> alter session set container=pdbpeiyb;

Session altered.

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB
SQL> create user peiyb identified by rootroot;

User created.	 
SQL> select user_id,username,created,profile from dba_users where lower(username) like '%peiyb%'order by username;

   USER_ID USERNAME															    CREATED		PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- --------------------------------------------------------------------------------------------------------------------------------
       104 C##PEIYB															    2018-11-23 19:45:32 DEFAULT
       105 PEIYB															    2018-11-23 19:54:26 DEFAULT

SQL> grant dba to peiyb;

Grant succeeded.

注意两次查询出来的 C##PEIYB 对应的 user_id 不一致。

common user 连接数据库

$ lsnrctl status

LSNRCTL for Linux: Version 18.0.0.0.0 - Production on 23-NOV-2018 20:10:48

Copyright (c) 1991, 2018, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=18c3node1)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 18.0.0.0.0 - Production
Start Date                23-NOV-2018 10:46:22
Uptime                    0 days 9 hr. 24 min. 25 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/18.3.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/18c3node1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=18c3node1)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=18c3node1)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "64a52f53a7683286e053cda9e80aed76" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "7b3df131086d5813e0536538a8c08359" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "pdbpeiyb" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

由于 common user 会传播到每个 container，所以可以登录任何一个 container

$ sqlplus c##peiyb/[email protected]:1521/orcl

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:53:48 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.


Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> 
SQL> 
SQL> show con_name;

CON_NAME
------------------------------
CDB$ROOT

$ sqlplus c##peiyb/[email protected]:1521/pdbpeiyb

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:54:28 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.

Last Successful login time: Fri Nov 23 2018 20:53:48 +08:00

Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB

local user 连接数据库

$ sqlplus peiyb/[email protected]:1521/pdbpeiyb

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Nov 23 20:15:49 2018
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.


Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

SQL> show con_name;

CON_NAME
------------------------------
PDBPEIYB

SQL> select SYS_CONTEXT('USERENV','CURRENT_USERID'),SYS_CONTEXT('USERENV','SESSION_USERID') from dual;

SYS_CONTEXT('USERENV','CURRENT_USERID')  SYS_CONTEXT('USERENV','SESSION_USERID')
---------------------------------------- ----------------------------------------
105                                      105

每个PDB都是独立的单元，有自己的用户(local user)、表空间、数据文件，每个local user只能访问自己的PDB，而common user只要权限足够，可以访问任意PDB。

参考：
https://docs.oracle.com/en/database/oracle/oracle-database/18/sqlrf/CREATE-USER.html#GUID-F0246961-558F-480B-AC0F-14B50134621C