Performing Basic Tasks in Oracle Multitenant

Purpose

This tutorial covers the steps to perform basic tasks on container databases (CDBs) and pluggable databases (PDBs).

Time to Complete

Approximately 45 minutes

Introduction

This tutorial shows you how to:

1. Connect to a CDB and to a PDB.

2. Create a PDB from the seed PDB.

3. Manage CDBs and PDBs.
   

1. Start a CDB, understand the different open modes of PDBs, and shut down a CDB.

2. Open and close PDBs.

3. Change the name of a PDB.

   1. Manage the storage in a CDB and its PDBs.
      

4. Manage permanent tablespaces.

5. Manage temporary tablespaces.

   1. Manage the security in PDBs.
      

6. Create common and local users.

7. Create common and local roles.

8. Grant common and local privileges.

   1. Drop PDBs.

Note: For readability, formatting was applied to some columns shown in the output.

Prerequisites

Before starting this tutorial, you should:

1. Install Oracle Database 12c

2. Create one CDB and one PDB

The environment used in the development of this tutorial is as follows:

1. ORACLE_HOME: /u01/app/oracle/product/12.1.0

2. TNS Listener port: 1521

3. Container databases:
   

1. SID: cdb1

2. SID: cdb2

   1. Pluggable databases (in cdb1):
      

3. pdb1

4. pdb2

Connecting to the CDB Root or to a PDB

Creating a CDB creates a service whose name is the CDB name. As a side effect of creating a PDB in the CDB, a service is created inside it with a property that identifies it as the initial current container. The service is also started as a side effect of creating the PDB. The service has the same name as the PDB. Although its metadata is recorded inside the PDB, the invariant is maintained so that a service name is unique within the entire CDB.

Use the Easy Connect syntax to connect to the root unless a net service name is configured in the tnsnames for the root service.

. oraenv

[enter cdb1 at the prompt]

sqlplus sys/oracle@localhost:1521/cdb1 as sysdba

show con_name

show con_id

Connect to the root by using OS authentication.

connect / as sysdba

show con_name

show con_id

Display the list of available services for the root and the PDBs.

select name, con_id from v$active_services order by 1;

Use the Easy Connect syntax to connect to the PDB unless a net service name is configured in the tnsnames for the PDB service.

connect sys/oracle@localhost:1521/pdb1 as sysdba

show con_name

show con_id

exit

Creating a PDB from the Seed PDB

In this section, you create a PDB from the seed PDB. Each CDB has a template PDB whose name is PDB$Seed.

Creating the OS Directory for the New Data Files and Temp Files of the PDB

Before starting the PDB creation, create a destination directory for the data files.

mkdir /u01/app/oracle/oradata/cdb1/pdb3

Creating the PDB

Create a PDB from the seed PDB.

sqlplus / as sysdba

create pluggable database pdb3 admin user odb3_admin identified by oracle roles = (DBA) FILE_NAME_CONVERT=(‘/u01/app/oracle/oradata/cdb1/pdbseed’,’/u01/app/oracle/oradata/cdb1/pdb3′);

Verify the status, open mode, and service names of the PDBs in the CDB. If the status for a PDB shows NEEDS SYNC, you can connect to the PDB and run the DBMS_PDB.SYNC_PDB procedure to change the status to NORMAL.

select pdb_name, status from cdb_pdbs;

select name, open_mode from v$pdbs;

select name, con_id from v$active_services order by 1;

The open mode of the newly created PDB is still MOUNTED. You will learn how to open the PDB in the next section. The creation of the PDB created a new service.

List the PDB data files.

select name from v$datafile where con_id=5;

Managing the CDB and the PDBs

In this section, you start the CDB and shut it down. You also open and close the PDBs.

Managing the CDB

Ensure that you are connected to the root as SYSDBA.

Shut down the CDB.

show con_name

shutdown immediate

This operation first closes all PDBs, then dismounts the control files, and finally shuts down the instance.

Start the CDB. This operation requires the SYSDBA or SYSBACKUP privilege.

startup

This operation first starts the instance, then mounts the control files, and finally opens only the root container.

Verify the open mode of the PDBs. This operation first starts the instance, then mounts the control files, and finally opens only the root container.

select name, open_mode from v$pdbs;

Notice that PDB1 is opened automatically because of a database trigger that was previously created in this environment. Later in this tutorial, you will learn how to create a trigger to open all PDBs after the CDB is started.

Managing the PDBs

Open a PDB.

alter pluggable database pdb2 open;

select name, open_mode from v$pdbs;

Open all PDBs at once.

alter pluggable database all open;

Verify the open mode of the PDBs.

select name, open_mode from v$pdbs;

Close a PDB.

alter pluggable database pdb1 close immediate;

select name, open_mode from v$pdbs;

Close all PDBs at once.

alter pluggable database all close immediate;

select name, open_mode from v$pdbs;

When a CDB instance starts, you discover that its PDBs do not automatically open. In a development environment, it is convenient to ensure that all PDBs open with the instance.

Perform the following actions:

1. Create a trigger to open all PDBs after CDB startup.

2. Shut down and start the CDB to verify that the trigger automatically opens all PDBs.

create or replace trigger Sys.After_Startup after startup on database begin execute immediate ‘alter pluggable database all open’; end After_Startup; /

shutdown immediate

startup

select name, open_mode from v$pdbs;

Renaming a PDB

Open the PDB in restricted mode.

alter pluggable database pdb3 close immediate;

alter pluggable database pdb3 open restricted;

select name, restricted from v$pdbs;

Rename the PDB. You must be connected to the PDB to rename it.

alter pluggable database pdb3 rename global_name to pdb3_bis;

Note: You should receive an error message when you execute this statement because you are not connected to the pluggable database that is being renamed.

connect sys/oracle@localhost:1521/pdb3 as sysdba

alter pluggable database pdb3 rename global_name to pdb3_bis;

Close and open the PDB.

alter pluggable database close immediate;

alter pluggable database open;

select name, open_mode from v$pdbs;

The PDB was renamed.

Managing Storage in a CDB and Its PDBs

Each container in a CDB stores data in its own data files and handles temporary data in its own temp files.List the root’s tablespaces, data files, and temp files.

connect / as sysdba

select tablespace_name, con_id from cdb_tablespaces where con_id=1;

select file_name, con_id from cdb_data_files where con_id=1;

select file_name, con_id from cdb_temp_files where con_id=1;

Create a permanent tablespace in the root.

create tablespace cdata datafile ‘/u01/app/oracle/oradata/cdb1/cdata01.dbf’ SIZE 10M;

select tablespace_name, con_id from cdb_tablespaces order by con_id;

select file_name, con_id from cdb_data_files order by con_id;

Create a temporary tablespace in the root.

create temporary tablespace temp_root tempfile ‘/u01/app/oracle/oradata/cdb1/temproot01.dbf’ SIZE 10M;

select tablespace_name, con_id from cdb_tablespaces where contents=’TEMPORARY’ and con_id=1;

select file_name, con_id from cdb_temp_files where con_id=1;

Create a tablespace in a PDB.

connect system/oracle@localhost:1521/pdb3_bis

create tablespace ldata datafile ‘/u01/app/oracle/oradata/cdb1/pdb3/ldata01.dbf’ SIZE 10M;

select tablespace_name, con_id from cdb_tablespaces order by con_id;

select file_name, con_id from cdb_data_files order by con_id;

select file_name from dba_data_files;

When you are connected to a PDB, the CDB_

xxx or DBA_

xxx views show the same information.

Create a temporary tablespace in the PDB.

create temporary tablespace temp_pdb3 tempfile ‘/u01/app/oracle/oradata/cdb1/pdb3/temppdb301.dbf’ SIZE 10M;

select tablespace_name, con_id from cdb_tablespaces where contents=’TEMPORARY’;

select file_name from dba_temp_files;

Managing Security in PDBs

Managing Common and Local Users

Each container in a CDB holds common and local users. Any user, common or local, can only exercise the granted privileges inside the specific container to which it is connected.

1. Common users are created from the root and are  automatically replicated in each PDB except the seed PDB. Common users can connect to any PDB. The name assigned to a common user must start with c##.

2. Local users are created in a PDB they need to access. Local users can only connect to the PDB where they are created. They are not visible to the other PDBs of the same CDB.

Create a common user while you are connected to the root.

connect / as sysdba

create user c##1 identified by oracle container=all;

select username, common, con_id from cdb_users where username like ‘C##%’;

The user is not created in the seed PDB (con_id 2).

Connect as a common user in a PDB.

connect c##1/oracle@localhost:1521/pdb2

connect c##1/oracle@localhost:1521/pdb3_bis

The user is recognized in each PDB but cannot connect because the CREATE SESSION privilege was not yet granted.

Connect as a DBA in a PDB to create a local user.

connect system/oracle@localhost:1521/pdb3_bis

create user hr identified by oracle;

select username, common, con_id  from cdb_users where username =’HR’;

Connect as the local HR user in each PDB.

connect hr/oracle@localhost:1521/pdb2

connect hr/oracle@localhost:1521/pdb3_bis

The user is recognized in the PDB where he was created (pdb3_bis) but not in another PDB (pdb2) because he is local

only to pdb3_bis.

Managing Common and Local Roles

Each container in a CDB holds common and local roles.

1. Common roles are created from the root and are automatically replicated in each PDB except the seed PDB. The name assigned to a common role must start with c##.

   1. Common roles can be granted commonly: The grant operation is replicated in each PDB except the seed PDB.

   2. Common roles can be granted locally: The grant operation is performed in the container where the operation takes place.

2. Local roles are created in a PDB they need to access. Local roles can be granted locally only in the PDB where they are created. They are not visible to the other PDBs of the same CDB.

Create a common role.

connect / as sysdba

create role c##r1 container=all;

select role, common, con_id from cdb_roles where role=’C##R1′;The role is created in all PDBs except the seed PDB (con_id 2).

Create a local role in a PDB. (When you are connected to a PDB, you cannot create a common role.)

connect system/oracle@localhost:1521/pdb3_bis

create role hr_manager;

select role, common, con_id from cdb_roles where role=’HR_MANAGER’;

create role c##r2 container=all;You should see an error message after executing this statement because you cannot create a common role inside a PDB.

Managing Common and Local Privileges

You can grant common and local privileges to common and local users and roles. The privileges become common or local based on how they are granted. They are common when they are granted with the CONTAINER=ALL clause.

1. Common privileges are automatically granted to the common grantee (user or role) in each PDB except the seed PDB.

2. Local privileges are granted to a grantee (user or role) in a specific PDB.

Grant CREATE SESSION as a common privilege to a common user.

connect / as sysdba

grant create session to c##1 container=all;

select grantee, privilege, common, con_id from cdb_sys_privs where privilege=’CREATE SESSION’ and grantee=’C##1′;

connect c##1/oracle@localhost:1521/pdb2

select * from session_privs;

connect c##1/oracle@localhost:1521/pdb3_bis

select * from session_privs;

Granting a privilege as a common privilege to a local user is not allowed. But you can grant the privilege locally to a local user: CREATE SESSION becomes a local privilege that allows the local user to exercise it only in the PDB and not in another PDB.

Grant the privilege locally to a local user.

connect system/oracle@localhost:1521/pdb3_bis

grant create session to hr container=all; [you should see an error message after executing this statement. why?]

grant create session to hr;

select grantee, privilege, common, con_id from cdb_sys_privs where privilege=’CREATE SESSION’ and grantee=’HR’;

connect hr/oracle@localhost:1521/pdb2 [you should see an error message after executing this statement. why?]

connect hr/oracle@localhost:1521/pdb3_bis

select * from session_privs;

Dropping PDBs

When you drop a PDB, you can specify to keep or delete the data files. Keeping the data files is required when you unplug a PDB and want to plug it into another CDB (or the same CDB). The data files are reused when plugging in the PDB.

Close the PDBs.

connect / as sysdba

alter pluggable database all close immediate;

select name, open_mode from v$pdbs;

Drop the PDBs, including their data files.

drop pluggable database pdb3_bis including datafiles;

select name from v$pdbs;

Resetting Your Environment

Perform the following steps to reset your environment prior to repeating the activities covered in this OBE or starting another OBE.

Drop the common user and role that you created.

drop user c##1;

drop role c##r1;

Drop the tablespaces that you created in the CDB root.

drop tablespace cdata including contents;

drop tablespace temp_root including contents;

Open pdb1 and replace the database trigger with a trigger that opens only pdb1 at CDB startup.

alter pluggable database pdb1 open;

create or replace trigger Sys.After_Startup after startup on database begin execute immediate ‘alter pluggable database pdb1 open’; end After_Startup; /