In your multitenant container database (CDB) containing some pluggable databases (PDBs), you
execute the following commands in the root container:
Which two statements are true?
A. The C##ROLE1 role is created in the root database and all the PDBs.
B. The C##ROLE1 role is created only in the root database because the container clause is not used.
C. Privileges are granted to the C##A_ADMIN user only in the root database.
D. Privileges are granted to the C##A_ADMIN user in the root database and all PDBs.
E. The statement for granting a role to a user fails because the CONTAINER clause is not used.
Explanation:
* You can include the CONTAINER clause in several SQL statements, such as the CREATE USER, ALTER USER, CREATE ROLE, GRANT, REVOKE, and ALTER SYSTEM statements.
* CREATE ROLE with CONTAINER (optional) clause
/ CONTAINER = ALL: Creates a common role.
/ CONTAINER = CURRENT: Creates a local role in the current PDB.
A & D !!!
CONTAINER=ALL is the default for the root container.
NO. CONTAINER=ALL is NOT the default for the root
See http://docs.oracle.com/cd/E16655_01/server.121/e17633/cdblogic.htm#CNCPT89364
Grants of Privileges and Roles: Scenario
t3 -> Because the clause CONTAINER=ALL is absent, this privilege is granted locally and thus applies only to the root, which is the current container.
sorry again
while create role in 12c: “If the current container is a PDB and you omit this clause, then CONTAINER = CURRENT is the default. If you omit this clause and the current container is the root, then CONTAINER = ALL is the default.”
http://docs.oracle.com/cd/E16655_01/server.121/e17209/statements_6013.htm#SQLRF54313
So AD
)))
but while grant in 12c in root: “If you omit this clause, then CONTAINER = CURRENT is the default.”
http://docs.oracle.com/cd/E16655_01/server.121/e17209/statements_9013.htm#SQLRF55701
So AC )))
A,C
B & C are correct. I executed the sql verbatim. Looks like container=all is default only in the case of create user, but not create role.
SQL> alter session set container=cdb$root;
Session altered.
SQL> select grantee, privilege from dba_sys_privs where grantee like '%ROLE1%' order by 1,2;
GRANTEE              PRIVILEGE
-------------------- ----------------------------------------
C##ROLE1             CREATE PROCEDURE
C##ROLE1             CREATE VIEW
SQL> alter session set container=hm_1;
Session altered.
SQL> select grantee, privilege from dba_sys_privs where grantee like '%ROLE1%' order by 1,2;
no rows selected
SQL>
Answer is A, C. Tested !!
A, C are correct
If CONTAINER=ALL not specified
– for creating USER/ROLE: default is CONTAINER = ALL (See earlier links)
– for privileges : privileges assigned to a common role is local. i.e default is CURRENT
The CONTAINER clause applies when you are connected to a CDB.
To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.
So A is right.
For privileges, CONTAINER = CURRENT is the default, so C is right
AC
• To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.
So A is right
For commonly granted privileges:
• A privilege that is granted commonly can be used in every existing and future container.
• Only common users can grant privileges commonly, and only if the grantee is common.
• A common user can grant privileges to another common user or to a common role.
• The grantor must be connected to the root and must specify CONTAINER=ALL in the GRANT statement.
So S is right
A & C is correct
AC
Create Role in Multitenant Architecture
https://docs.oracle.com/database/121/SQLRF/statements_6014.htm#SQLRF01311
CONTAINER Clause
The CONTAINER clause applies when you are connected to a CDB. However, it is not necessary to specify the CONTAINER clause because its default values are the only allowed values.
To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.
To create a local role, you must be connected to a PDB. You can optionally specify CONTAINER = CURRENT, which is the default when you are connected to a PDB.
Grant in Multitenant Architecture
https://docs.oracle.com/database/121/SQLRF/statements_9014.htm#SQLRF01603
CONTAINER Clause
If the current container is a pluggable database (PDB):
Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a user or role. The privilege or role is granted to the user or role only in the current PDB.
If the current container is the root:
Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a common user or common role. The privilege or role is granted to the user or role only in the root.
Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role.
If you omit this clause, then CONTAINER = CURRENT is the default.
So, the good answers are A and C.
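Added example (not part of the original question or of any comment above): a script that separates the two things the thread argues about, whether the role exists in every container and where its privileges apply, by checking the CDB_* views with their COMMON and CON_ID columns. The names C##DEMO_ROLE and C##DEMO_ADMIN and the password are constructed placeholders, and the script assumes a 12c CDB and a common user with sufficient privileges connected to the root.

```sql
-- Added example. C##DEMO_ROLE, C##DEMO_ADMIN and the password are
-- constructed placeholders, not the commands from the question.
ALTER SESSION SET CONTAINER = CDB$ROOT;

-- In the root, CREATE USER and CREATE ROLE default to CONTAINER = ALL,
-- so both are created as common and exist in every container.
CREATE USER c##demo_admin IDENTIFIED BY "Placeholder_Pw_1";
CREATE ROLE c##demo_role;

-- GRANT defaults to CONTAINER = CURRENT, even in the root:
-- these are local grants that apply only in CDB$ROOT.
GRANT CREATE VIEW TO c##demo_role;
GRANT c##demo_role TO c##demo_admin;

-- Check 1: where does the role exist?
-- Expect a row for the root and for each open PDB, all with COMMON = YES.
SELECT con_id, role, common
FROM   cdb_roles
WHERE  role = 'C##DEMO_ROLE'
ORDER  BY con_id;

-- Check 2: where do the role's system privileges apply?
-- Expect rows only for the root (CON_ID = 1) with COMMON = NO.
SELECT con_id, grantee, privilege, common
FROM   cdb_sys_privs
WHERE  grantee = 'C##DEMO_ROLE'
ORDER  BY con_id;

-- Check 3: where is the role granted to the user?
-- Expect a single root row with COMMON = NO.
SELECT con_id, grantee, granted_role, common
FROM   cdb_role_privs
WHERE  grantee = 'C##DEMO_ADMIN'
ORDER  BY con_id;

-- A grant that must hold in every existing and future container
-- has to state that scope explicitly.
GRANT CREATE VIEW TO c##demo_role CONTAINER = ALL;
GRANT c##demo_role TO c##demo_admin CONTAINER = ALL;
```

Querying DBA_SYS_PRIVS inside a PDB only answers the privilege question; CDB_ROLES (or DBA_ROLES in the PDB) is what shows whether the role itself was created there. The CDB_* views return rows only for containers that are open.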