Oracle 12c multitenant database consist of a CDB which houses one or more PDB which house application data. Now this design has direct implications on user accounts and how they are implemented. This article attempts to briefly cover the implementation of user accounts in the Oracle 12c multitenant architecture.
Oracle 12c multitenant database have two class of user accounts: Common and Local. Common users belong to the root container (CDB) and have full access to PDBs within the CDB. Local users belong a particular PDB and do not have access to the root container (CDB) which houses them. They following rules govern User accounts in the multitenant database architecture:
- Common user have the same identity in the root and every PDB.
- Common users can connect to root and PDB.
- Common users connected to root can perform ALTER PLUGGABLE DATABASE, CREATE USER/ROLE that affect multiple PDBs.
- Local users apply to only one PDB.
- Local users cannot connect to CDB their PDB is contained in.
- Local users cannot cross PDBs but same username can exist in two different PDB in same CDB.
- Most privileges only apply in current container. IE user must first connect to container to query tables in that container and they cannot do it from the root.
Larry Catt
OCP