Managing Security in a CDB and PDBs
In the multitenant environment, a user is either a common user, which has access to all containers in the CDB, or a local user, which has access only to the PDB in which it was created. In the context of a CDB, the word common is used to indicate that some entity is common to all containers. In this context, local means that an entity is restricted to exactly one container.
Common Users

A common user is a database user who has the same username and password in the root and in every PDB in the CDB.
A common user is a CDB user that has the same identity in CDB$ROOT and in all PDBs. A common user can connect to, and perform operations in, the root and any PDB in which it holds the CREATE SESSION privilege. SYS and SYSTEM, as well as the other Oracle-supplied administrative accounts, are examples of common users that are created with each CDB. A common user has the following characteristics:
■ Other than Oracle-supplied administrative accounts, the username begins with the characters c## or C##.
Chapter 14 ■ Oracle Security in CDBs and PDBs
It is not essential for a common user to have the same privileges in every PDB. We will demonstrate how to create a common user account later in this chapter.
■ Execute an ALTER PLUGGABLE DATABASE command while connected to the CDB$ROOT
A common user may switch between PDBs and will use the privileges that are granted to that user in the current PDB. In an Oracle Database Vault environment, the Database Vault restrictions for a PDB apply to the common user when connected to the PDB.
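The per-container privilege model described above can be checked from the root with the CDB_ data dictionary views. The following is an added example, not taken from the book: the user name c##sec_audit, the PDB name salespdb and the password are assumed placeholders. It creates a common user, grants CREATE SESSION in only two containers, and then reports where each non-Oracle-maintained common user can connect.

```sql
-- Added example (not from the book). c##sec_audit, salespdb and the
-- password are assumed placeholders; run as a privileged common user.

-- 1. Create the common user from the root. The c## prefix is required
--    for common users that are not Oracle-supplied.
ALTER SESSION SET CONTAINER = CDB$ROOT;
CREATE USER c##sec_audit IDENTIFIED BY "Placeholder_Pw_1" CONTAINER = ALL;

-- 2. Grant CREATE SESSION locally, container by container, so the
--    account can connect only where it is needed.
GRANT CREATE SESSION TO c##sec_audit CONTAINER = CURRENT;   -- root only

ALTER SESSION SET CONTAINER = salespdb;
GRANT CREATE SESSION TO c##sec_audit CONTAINER = CURRENT;   -- this PDB only

-- 3. Back in the root, list every common user that is not
--    Oracle-maintained and show, per open container, whether it holds
--    CREATE SESSION directly and whether that grant was made commonly
--    (CONTAINER = ALL) or locally.
ALTER SESSION SET CONTAINER = CDB$ROOT;

SELECT u.username,
       c.name                                   AS container_name,
       CASE WHEN p.privilege IS NULL
            THEN 'NO' ELSE 'YES' END            AS has_create_session,
       NVL(p.common, '-')                       AS granted_commonly
FROM   cdb_users u
       JOIN v$containers c
         ON c.con_id = u.con_id
       LEFT JOIN cdb_sys_privs p
         ON  p.con_id    = u.con_id
         AND p.grantee   = u.username
         AND p.privilege = 'CREATE SESSION'
WHERE  u.common            = 'YES'
AND    u.oracle_maintained = 'N'
ORDER  BY u.username, c.name;

-- Limitation: only direct grants are reported. CREATE SESSION received
-- through a role (for example CONNECT) needs a further join through
-- CDB_ROLE_PRIVS, and closed PDBs do not appear in CDB_ views.
```

A row with has_create_session = 'YES' and granted_commonly = 'YES' in every container indicates the privilege was granted with CONTAINER = ALL, which is the broadest form and worth reviewing against least privilege.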
If a PDB from another source CDB contains a common user and you plug it into a target CDB, then these translations occur:
■ Common user privileges for these common user accounts in this PDB are not brought over from the source CDB.