标签:set altered 角色 cdb14 pdb SQL sysdba alter
我们在pdb$seed 这个pdb里创建一个用户,并且赋予sysdba这个角色
SQL> alter session set container=pdb$seed;
Session altered.
SQL> alter session set "_oracle_script"=true;
Session altered.
SQL> alter pluggable database close immediate instances=all;
Pluggable database altered.
SQL> alter pluggable database open read write instances=all;
Pluggable database altered.
SQL> column name format a30
SQL> select inst_id,name,open_mode from gv$pdbs;
INST_ID NAME OPEN_MODE
---------- ------------------------------ ----------
1 PDB$SEED READ WRITE
2 PDB$SEED READ WRITE
SQL> create user pdb_admin identified by cdb14;
create user pdb_admin identified by cdb14
*
ERROR at line 1:
ORA-01031: insufficient privileges
这个错误的原因是因为我enable 了lockdown ,所以sys用户无法创建user
SQL> connect c##dv_cloud_admin_backup/cdb14@cdb14
Connected.
SQL> alter session set container=pdb$seed;
ERROR:
ORA-01031: insufficient privileges
c##dv_cloud_admin_backup这个用户是dv owner和account administrator,这个用户没有alter session set container权限,看来要做这个测试,只能先将lockdown disable了
SQL> connect sys/cdb14@cdb14 as sysdba
Connected.
SQL> alter system set pdb_lockdown='' scope=both sid='*';
System altered.
SQL> alter session set container=pdb$seed;
Session altered.
SQL> alter session set "_oracle_script"=true;
Session altered.
SQL> create user pdb_admin identified by cdb14;
create user pdb_admin identified by cdb14
*
ERROR at line 1:
ORA-01031: insufficient privileges
在disable lockdown之后,还是报没有权限
在尝试disable lockdown之后,还是报没有权限的错误,这里其实是我的理解错误,本身lockdown没有限制sys用户再pdb$seed 中创建用户,
禁止common user在pdb中创建用户,是有database vault的operation control来控制的
将pdb$seed的app protection disable掉
SQL> connect c##dv_cloud_admin_backup/cdb14@cdb14
Connected.
SQL> exec dbms_macadm.disable_app_protection('pdb$seed');
PL/SQL procedure successfully completed.
SQL> connect sys/cdb14@cdb14 as sysdba
Connected.
SQL> alter system set pdb_lockdown='PAAS' scope=both sid='*';
System altered.
SQL> alter session set container=pdb$seed;
Session altered.
SQL> alter session set "_oracle_script"=true;
Session altered.
SQL> create user pdb_admin identified by cdb14;
User created.
SQL> grant dba to pdb_admin;
Grant succeeded.
SQL> grant sysdba to pdb_admin;
Grant succeeded.
SQL> alter pluggable database close immediate instances=all;
Pluggable database altered.
SQL> alter pluggable database open read only instances=all;
Pluggable database altered.
SQL> alter session set "_oracle_script"=false;
Session altered.
检查pdb_admin这个用户是否具有sysdba 角色在pdb$seed这个pdb里
SQL> connect sys/cdb14@cdb14 as sysdba
Connected.
SQL> alter session set container=pdb$seed;
Session altered.
SQL> select username,sysdba from v$pwfile_users ;
USERNAME SYSDB
-------------------- -----
SYS TRUE
PDB_ADMIN TRUE
下面创建pdb基于pdb$seed
SQL> alter session set container=cdb$root;
Session altered.
SQL> create pluggable database cdb14pdb10888 admin user pdbadmin identified by cdb14 keystore identified by "WelCome-123#";
Pluggable database created.
SQL> alter pluggable database cdb14pdb10888 open read write instances=all;
Pluggable database altered.
SQL> alter session set container=cdb14pdb10888;
Session altered.
SQL> select username,sysdba from v$pwfile_users;
USERNAME SYSDB
-------------------- -----
SYS TRUE
PDB_ADMIN TRUE
下面尝试用sysdba角色连接这个pdb
[oracle@scaqad02adm01 bin]$ ./sqlplus "pdb_admin/cdb14@scaqad02adm01:1521/cdb14pdb10888 as sysdba"
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 8 18:48:27 2021
Version 19.10.0.0.0
Copyright (c) 1982, 2020, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.10.0.0.0
SQL>
标签:set,altered,角色,cdb14,pdb,SQL,sysdba,alter 来源: https://blog.csdn.net/wgz7747147820/article/details/113766968
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。