oracle12c CDB中共同使用者和本地使用者區別

官方文件：http://docs.oracle.com/database/121/ADMQS/users_secure.htm#ADMQS12486

About Commonality in a CDB

In a multitenant container database (CDB), the basic principle of commonality is that a common phenomenon is the same in every existing and future container. In a CDB, "common" means "common to all containers." In contrast, a local phenomenon is restricted to exactly one existing container.

A corollary to the principle of commonality is that only a common user can alter the existence of common phenomena. More precisely, only a common user connected to the root can create, destroy, or modify CDB-wide attributes of a common user or role.

Common Users in a CDB

A common user is a database user that has the same identity in the root and in every existing and future PDB. Every common user can connect to and perform operations within the root, and within any PDB in which it has privileges.

Every common user is either Oracle-supplied or user-created. Examples of Oracle-supplied common users are SYS and SYSTEM.

Common users have the following characteristics:

• A common user can log in to any container (including CDB$ROOT) in which it has the CREATE SESSION privilege.

  A common user need not have the same privileges in every container. For example, the c##dba user may have the privilege to create a session in the root and in one PDB, but not to create a session in a different PDB. Because a common user with the appropriate privileges can switch between containers, a common user in the root can administer PDBs.

• The name of every user-created common user must begin with the characters c## or C##. (Oracle-supplied common user names do not have this restriction.)

  No local user name may begin with the characters c## or C##.

• The names of common users must contain only ASCII or EBCDIC characters.

• Every common user is uniquely named across all containers.

  A common user resides in the root, but must be able to connect to every PDB with the same identity.

• The schemas for a common user can differ in each container.

  For example, if c##dba is a common user that has privileges on multiple containers, then the c##dba schema in each of these containers may contain different objects.

Local Users in a CDB

A local user is a user that is not common and that can operate only within a single PDB. Local users have the following characteristics:

• A local user is specific to a particular PDB and owns a schema in this PDB.

• A local user cannot be created in the root.

• A local user on one PDB cannot log in to another PDB or to the root.

• The name of a local user cannot begin with the characters c## or C##.

• The name of a local user must only be unique within its PDB.

• The user name and the PDB in which that user schema is contained determine a unique local user. For example, a local user and schema named rep can exist on a PDB named hrpdb. A completely independent local user and schema named rep can exist on a PDB named salespdb.

• Whether local users can access objects in a common schema depends on their user privileges.

  For example, the c##dba common user may create a table in the c##dba schema on the hrpdb PDB. Unless c##dba grants the necessary privileges to the local hr user on this table, hr cannot access it.