{"id":3777,"date":"2021-04-13T08:33:35","date_gmt":"2021-04-13T08:33:35","guid":{"rendered":"https:\/\/swiv.com.br\/granting-multitenant-privileges-as-common-or-local\/"},"modified":"2026-05-27T20:02:33","modified_gmt":"2026-05-27T19:02:33","slug":"granting-multitenant-privileges-as-common-or-local","status":"publish","type":"post","link":"https:\/\/swiv.com.br\/index.php\/2021\/04\/13\/granting-multitenant-privileges-as-common-or-local\/","title":{"rendered":"Granting Multitenant Privileges as Common or Local"},"content":{"rendered":"\n

Neste artigo simples, vamos explorar a administra\u00e7\u00e3o de privil\u00e9gios do tipo common ou local, tanto a n\u00edvel de root container ou PDBs, na arquitetura Multitetant.<\/p>\n\n\n\n

Pela consulta abaixo, podemos ver que o privil\u00e9gio de create session foi concedido para os usu\u00e1rios C##BRUNO (common) e LOCALUSER (local) nos containers seguintes:<\/p>\n\n\n

\n[oracle@quiasma admin]$ sqlplus \/ as sysdba\n \nSQL*Plus: Release 18.0.0.0.0 - Production on Tue Apr 13 05:20:43 2021\nVersion 18.13.0.0.0\n \nCopyright (c) 1982, 2018, Oracle.  All rights reserved.\n \n \nConnected to:\nOracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production\nVersion 18.13.0.0.0\n \nSQL> col grantee format a18\nSQL> col privilege format a14\nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE IN ('C##BRUNO', 'LOCALUSER');\n \nGRANTEE            PRIVILEGE      COM     CON_ID\n------------------ -------------- --- ----------\nC##BRUNO           CREATE SESSION YES          1\nLOCALUSER          CREATE SESSION NO           3\nC##BRUNO           CREATE SESSION YES          3\n<\/pre><\/div>\n\n\n
Ao logar no PDB, temos a seguinte imagem:<\/p>\n\n\n
\nSQL> conn system\/oracle@HIPOFISE1\nConnected.\nSQL> col grantee format a18\nSQL>\nSQL> col privilege format a14\nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE IN ('C##BRUNO', 'LOCALUSER');\n \nGRANTEE            PRIVILEGE      COM     CON_ID\n------------------ -------------- --- ----------\nLOCALUSER          CREATE SESSION NO           3\nC##BRUNO           CREATE SESSION YES          3\n<\/pre><\/div>\n\n\n
Concedendo privil\u00e9gios para o common user, contemplando todos os containers:<\/p>\n\n\n
\nSQL> conn \/ as sysdba\nConnected.\nSQL> GRANT CREATE TABLE, UNLIMITED TABLESPACE TO C##BRUNO CONTAINER=ALL;\n \nGrant succeeded.\n \nSQL> col grantee format a12\nSQL> col privilege format a30\nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE = 'C##BRUNO' ORDER BY 1,2;\n \nGRANTEE      PRIVILEGE                      COM     CON_ID\n------------ ------------------------------ --- ----------\nC##BRUNO     CREATE SESSION                 YES          1\nC##BRUNO     CREATE SESSION                 YES          3\nC##BRUNO     CREATE TABLE                   YES          3\nC##BRUNO     CREATE TABLE                   YES          1\nC##BRUNO     UNLIMITED TABLESPACE           YES          3\nC##BRUNO     UNLIMITED TABLESPACE           YES          1\n \n6 rows selected.\n<\/pre><\/div>\n\n\n
Concedendo privil\u00e9gio de criar sequence apenas no root container. Ou seja, faremos o local grant para um common user. O quanto pudermos evitar essa situa\u00e7\u00e3o em ambientes oficiais, melhor, para evitar confus\u00f5es.<\/p>\n\n\n
\nSQL> SHOW CON_ID CON_NAME;\n \nCON_ID\n------------------------------\n1\n \nCON_NAME\n------------------------------\nCDB$ROOT\nSQL> GRANT CREATE SEQUENCE TO C##BRUNO CONTAINER=CURRENT;\n \nGrant succeeded.\n \nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE = 'C##BRUNO' AND PRIVILEGE ='CREATE SEQUENCE';\n \nGRANTEE      PRIVILEGE                      COM     CON_ID\n------------ ------------------------------ --- ----------\nC##BRUNO     CREATE SEQUENCE                NO           1\n<\/pre><\/div>\n\n\n
Concedendo privil\u00e9gio para o common user apenas em um PDB:<\/p>\n\n\n
\nSQL> ALTER SESSION SET CONTAINER=HIPOFISE1;\n \nSession altered.\n \nSQL> GRANT CREATE SYNONYM TO C##BRUNO CONTAINER=CURRENT;\n \nGrant succeeded.\n \nSQL> col grantee format a18\nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE = 'C##BRUNO' AND PRIVILEGE ='CREATE SYNONYM';\n \nGRANTEE            PRIVILEGE                      COM     CON_ID\n------------------ ------------------------------ --- ----------\nC##BRUNO           CREATE SYNONYM                 NO           3\n<\/pre><\/div>\n\n\n
Concedendo privil\u00e9gio para um local user em um PDB espec\u00edfico:<\/p>\n\n\n
\nSQL> ALTER SESSION SET CONTAINER=HIPOFISE1;\n \nSession altered.\n \nSQL> GRANT UNLIMITED TABLESPACE TO LOCALUSER;\n \nGrant succeeded.\n \nSQL> col grantee format a18\nSQL> SELECT GRANTEE, PRIVILEGE, COMMON, CON_ID FROM CDB_SYS_PRIVS WHERE GRANTEE = 'LOCALUSER';\n \nGRANTEE            PRIVILEGE                      COM     CON_ID\n------------------ ------------------------------ --- ----------\nLOCALUSER          UNLIMITED TABLESPACE           NO           3\nLOCALUSER          CREATE SESSION                 NO           3\n<\/pre><\/div>\n\n\n
Obs: Este procedimento foi criado pelo senhor Ahmed Baraka (www.ahmedbaraka.com) e foi apenas reproduzido por mim em um laborat\u00f3rio pessoal para fins de aprendizado.<\/p>\n","protected":false},"excerpt":{"rendered":"
Neste artigo simples, vamos explorar a administra\u00e7\u00e3o de privil\u00e9gios do tipo common ou local, tanto a n\u00edvel de root container ou PDBs, na arquitetura Multitetant. Pela consulta abaixo, podemos ver que o privil\u00e9gio de create session foi concedido para os usu\u00e1rios C##BRUNO (common) e LOCALUSER (local) nos containers seguintes: Ao logar no PDB, temos a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3777","post","type-post","status-publish","format-standard","hentry","category-multitenant"],"_links":{"self":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/comments?post=3777"}],"version-history":[{"count":1,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3777\/revisions"}],"predecessor-version":[{"id":9173,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3777\/revisions\/9173"}],"wp:attachment":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/media?parent=3777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/categories?post=3777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/tags?post=3777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}