Wednesday, September 16, 2015

Wondering why you can't view data with a COMMON USER in Oracle 12c? You probably didn't use the CONTAINER_DATA clause

Introduction
Let's say you've created a common user in your Oracle 12c instance and you granted the user permissions to connect and select some specific dynamic views (e.g. V$PDBS, V$CONTAINERS).
Afterwards, you connect with that common user to the root container (CDB$ROOT), you query V$PDBS but no rows are returned.
This issue was raised in the OTN forum by a user and my answer to that user was  very simple - use the CONTAINER_DATA clause (See: https://community.oracle.com/message/13301017#13301017).

Basically, when a common user is connected to the ROOT and it executes a query on a container data object (As per Oracle Doc, container data objects include: V$, GV$, CDB_, and some Automatic Worklaod Repository DBA_HIST* view), then that query will only dispay data for the PDBs which are visible for that common user, and this is what you can set using the CONTAINER_DATA clause.

Demonstration
In the first step I'll create a common user, grant him permissions to connect and query V$PDBS and then I'll connect with that user and try to query V$PDBS.
SQL> select name,open_mode from v$pdbs;
NAME                           OPEN_MODE
------------------------------ ----------
PDB$SEED                       READ ONLY
PDBTEST                        MOUNTED
PINIDB                         READ WRITE

SQL> create user C##TEST identified by test;
User created.

SQL> grant connect to C##TEST;
Grant succeeded.

SQL> grant select on sys.v_$pdbs to C##TEST;
Grant succeeded.

SQL> connect C##TEST/test@isrvmrh541-cdb.world
Connected.

SQL> select * from v$pdbs;
no rows selected
As you can see, no rows are returned from the query.
Let's connect again with SYS and verify which PDBs are visible for user C##TEST using the CDB_CONTAINER_DATA dictionary view which displays information about the user-level and object-level CONTAINER_DATA attributes specific in the CDB:
SQL> connect sys@isrvmrh541-cdb.world as sysdba
Enter password:
Connected.

SQL> SELECT username,
  2         owner,
  3         object_name,
  4         all_containers container_name
  5    FROM CDB_CONTAINER_DATA
  6   WHERE username = 'C##TEST';
no rows selected
As you can see, user C##TEST has no container data attributes.
Let's specify that user C##TEST can see the data of V$PDBS from all the containers:
SQL> alter user C##TEST set container_data=all for sys.v_$pdbs container = current;
User altered.

SQL> SELECT username,
  2         owner,
  3         object_name,
  4         all_containers,
  5         container_name
  6    FROM CDB_CONTAINER_DATA
  7   WHERE username = 'C##TEST'
  8   ;

USERNAME           OWNER     OBJECT_NAME   ALL_CONTAINERS CONTAINER_NAME
--------------- ---------- --------------- ------------- --------------------
C##TEST            SYS      V_$PDBS           Y
As you can see, the CONTAINER_NAME is NULL because I sepcific in the aler command that the container_data will be visible for all containers.
If we would like to specify that the data of every container data object that the user has SELECT permissions to access, you can remove the "for" clause and execute the following command:
SQL> alter user C##TEST set container_data=all container = current;
User altered.

SQL> SELECT username,
  2         owner,
  3         object_name,
  4         all_containers,
  5         container_name
  6    FROM CDB_CONTAINER_DATA
  7   WHERE username = 'C##TEST';

USERNAME           OWNER    OBJECT_NAME    ALL_CONTAINERS CONTAINER_NAME
--------------- ---------- --------------- ------------- --------------------
C##TEST            SYS      V_$PDBS            Y
C##TEST                                        Y
As you can see, now user C##TEST has an access for all the objects which he will granted permissions to SELECT from. 

Summary
  • Once you create a COMMON USER, you should also specify which PDBs data are visible to that common user for which objects using the CONTAINER_DATA clause
  • You can specify the object-level CONTAINER_DATA attributes for a user using the ALTER USER command
  • You can view the information about the user-level and object-level CONTAINER_DATA attributes via CDB_CONTAINER_DATA dictionary view

Useful Links:
Posted by at
Labels: ,

20 comments:

  1. AnonymousApril 3, 2016 at 1:18 AM

    Very nice post. Thanks for Sharing... :)

    Regards,
    Pinto

    ReplyDelete
  2. UnknownOctober 8, 2018 at 5:21 AM

    Hi

    I have a User created table in my APPROOt and PDB
    I am not able to query the data in my PDB from approot

    I have tried alter user set container_data=all container =ALL

    Its not allowing me to perform ;error.

    Anything im missing here !!

    ReplyDelete
  3. JaredFebruary 2, 2022 at 10:28 AM

    Even though the CDB/PDB architecture has been available for years now, it has only recently been widely adopted.

    The security landscape certainly become more complex because of CDB.

    Thanks for this post, it was exactly what I was looking for.

    ReplyDelete
  4. HikmetttSeptember 30, 2023 at 8:43 PM

    Diyarbakır
    Adana
    Bursa
    izmir
    Sakarya
    3E0

    ReplyDelete
  5. NebulaSorcererOctober 18, 2023 at 12:42 PM

    ankara parça eşya taşıma
    takipçi satın al
    antalya rent a car
    antalya rent a car
    ankara parça eşya taşıma
    G5TL2

    ReplyDelete
  6. CelestialGoddessOctober 23, 2023 at 6:08 AM

    siirt evden eve nakliyat
    adıyaman evden eve nakliyat
    kastamonu evden eve nakliyat
    artvin evden eve nakliyat
    malatya evden eve nakliyat
    Z3İ

    ReplyDelete
  7. ElectricWandererAOctober 24, 2023 at 4:42 AM

    izmir evden eve nakliyat
    malatya evden eve nakliyat
    hatay evden eve nakliyat
    kocaeli evden eve nakliyat
    mersin evden eve nakliyat
    UJ6NUB

    ReplyDelete
  8. CFBE1Jolene7B214November 5, 2023 at 12:49 PM

    F6B0D
    Sivas Lojistik
    Adıyaman Parça Eşya Taşıma
    Bartın Evden Eve Nakliyat
    Hatay Lojistik
    Adana Lojistik

    ReplyDelete
  9. FF5A3Patrick6246FNovember 6, 2023 at 12:03 AM

    3EF74
    Bingöl Lojistik
    Antalya Lojistik
    Mersin Parça Eşya Taşıma
    Düzce Evden Eve Nakliyat
    Tokat Evden Eve Nakliyat

    ReplyDelete
  10. 104AEJesse54164November 9, 2023 at 8:36 AM

    6A3B7
    Karabük Evden Eve Nakliyat
    Siirt Parça Eşya Taşıma
    Sinop Evden Eve Nakliyat
    Lbank Güvenilir mi
    Yenimahalle Boya Ustası
    Karapürçek Fayans Ustası
    İstanbul Şehirler Arası Nakliyat
    Çankırı Evden Eve Nakliyat
    Bitlis Lojistik

    ReplyDelete
  11. 601C8RebeccaD9762November 16, 2023 at 7:43 AM

    C3E3B
    Iğdır Şehir İçi Nakliyat
    Çanakkale Şehirler Arası Nakliyat
    Konya Şehirler Arası Nakliyat
    Bayburt Şehir İçi Nakliyat
    Tunceli Parça Eşya Taşıma
    Urfa Lojistik
    Casper Coin Hangi Borsada
    Çerkezköy Halı Yıkama
    Yozgat Lojistik

    ReplyDelete
  12. A59E3JoanneFB887December 5, 2023 at 12:07 PM

    18555
    referanskodunedir.com.tr

    ReplyDelete
  13. 77D5ECurtis22ED8December 22, 2023 at 9:56 PM

    E54FF
    istanbul kadınlarla sohbet
    mobil sohbet chat
    erzincan sohbet uygulamaları
    bedava görüntülü sohbet sitesi
    bedava sohbet siteleri
    hakkari ucretsiz sohbet
    balıkesir muhabbet sohbet
    gümüşhane yabancı sohbet
    tokat bedava görüntülü sohbet sitesi

    ReplyDelete
  14. A7D8DKylie54E2ADecember 23, 2023 at 12:18 AM

    96460
    hakkari telefonda canlı sohbet
    giresun mobil sohbet sitesi
    tekirdağ sesli sohbet siteleri
    aydın en iyi rastgele görüntülü sohbet
    mardin canlı ücretsiz sohbet
    çankırı sohbet siteleri
    samsun bedava görüntülü sohbet
    antep canlı sohbet odası
    karabük parasız sohbet siteleri

    ReplyDelete
  15. CCEB0Sterling9D3F4December 24, 2023 at 8:03 PM

    AB5B5
    adıyaman sesli sohbet
    sivas canlı sohbet odaları
    görüntülü canlı sohbet
    canlı sohbet
    kızlarla canlı sohbet
    zonguldak canlı sohbet siteleri ücretsiz
    istanbul ücretsiz sohbet siteleri
    bursa sesli görüntülü sohbet
    tekirdağ canlı sohbet ücretsiz

    ReplyDelete
  16. 13842MarleneCE399December 25, 2023 at 1:11 AM

    14831
    canlı görüntülü sohbet uygulamaları
    en iyi rastgele görüntülü sohbet
    antep telefonda sohbet
    bedava görüntülü sohbet sitesi
    Erzurum Kadınlarla Sohbet Et
    canli goruntulu sohbet siteleri
    Afyon Kızlarla Canlı Sohbet
    mobil sesli sohbet
    Amasya Sohbet Uygulamaları

    ReplyDelete
  17. 3F558Ariah1E3E6January 8, 2024 at 2:25 PM

    DD8A3
    Binance Ne Zaman Kuruldu
    Threads Beğeni Hilesi
    Binance Borsası Güvenilir mi
    Bitcoin Nasıl Kazılır
    Apenft Coin Hangi Borsada
    Nonolive Takipçi Hilesi
    Spotify Dinlenme Hilesi
    Bitcoin Kazanma
    Bitcoin Nedir

    ReplyDelete
  18. DC496Amanda81EC3January 19, 2024 at 6:12 AM

    6B2D1
    Flare Coin Hangi Borsada
    Dxgm Coin Hangi Borsada
    Caw Coin Hangi Borsada
    Chat Gpt Coin Hangi Borsada
    Telegram Abone Satın Al
    Aion Coin Hangi Borsada
    Periscope Beğeni Hilesi
    Milyon Coin Hangi Borsada
    Coin Nasıl Alınır

    ReplyDelete
  19. 5001EGene5192BJanuary 19, 2024 at 6:13 AM

    725C0
    Bitcoin Para Kazanma
    Paribu Borsası Güvenilir mi
    Referans Kimliği Nedir
    Discord Sunucu Üyesi Satın Al
    Likee App Takipçi Hilesi
    Bitcoin Nasıl Para Kazanılır
    Binance Nasıl Üye Olunur
    Aion Coin Hangi Borsada
    Coin Madenciliği Nasıl Yapılır

    ReplyDelete

Subscribe to: Post Comments (Atom)