Which two statements are true?

In your multitenant container database (CDB) containing same pluggable databases (PDBs), you
execute the following commands in the root container:

Which two statements are true?

In your multitenant container database (CDB) containing same pluggable databases (PDBs), you
execute the following commands in the root container:

Which two statements are true?

A.
The C # # ROLE1 role is created in the root database and all the PDBs.

B.
The C # # ROLE1 role is created only in the root database because the container clause is not
used.

C.
Privileges are granted to the C##A_ADMIN user only in the root database.

D.
Privileges are granted to the C##A_ADMIN user in the root database and all PDBs.

E.
The statement for granting a role to a user fails because the CONTAINER clause is not used.

Explanation:
* You can include the CONTAINER clause in several SQL statements, such as the

CREATE USER, ALTER USER, CREATE ROLE, GRANT, REVOKE, and ALTER SYSTEM
statements.
* * CREATE ROLE with CONTAINER (optional) clause
/ CONTAINER = ALL
Creates a common role.
/ CONTAINER = CURRENT
Creates a local role in the current PDB.



Leave a Reply to Ledeboer, Jeroen Cancel reply15

Your email address will not be published. Required fields are marked *

5 × five =


Shawn

Shawn

A & D !!!
CONTAINER=ALL is the default for the root container.

Ledeboer, Jeroen

Ledeboer, Jeroen

A,C

Noname

Noname

B & C are correct. I executed the sql verbatim. Looks like container=all is default only in the case of create user, but not create role.

SQL> alter session set container=cdb$root;

Session altered.

SQL> select grantee, privilege from dba_sys_privs where grantee like ‘%ROLE1%’ order by 1,2;

GRANTEE PRIVILEGE
———————————————————— —————————————-
C##ROLE1 CREATE PROCEDURE
C##ROLE1 CREATE VIEW

SQL> alter session set container=hm_1;

Session altered.

SQL> select grantee, privilege from dba_sys_privs where grantee like ‘%ROLE1%’ order by 1,2;

no rows selected

SQL>

OraEXP Test

OraEXP Test

Answer is A, C. Tested !!

praveen

praveen

A, C are correct

If CONTAINER=ALL not specified
– for creating USER/ROLE: default is CONTAINER = ALL (See earlier links)
– for privileges : privileges assigned to a common role is local. i.e default is CURRENT

Ricardo

Ricardo

The CONTAINER clause applies when you are connected to a CDB.
To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.
So A is right.

For privileges, CONTAINER = CURRENT is the default, so C is right

Alex

Alex

•To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.
So A is right

For commonly granted privileges:

A privilege that is granted commonly can be used in every existing and future container.


Only common users can grant privileges commonly, and only if the grantee is common.


A common user can grant privileges to another common user or to a common role.


The grantor must be connected to the root and must specify CONTAINER=ALL in the GRANT statement.

So S is right

Amit

Amit

A & C is correct

Thekar

Thekar

Create Role in Multitenant Architecture

https://docs.oracle.com/database/121/SQLRF/statements_6014.htm#SQLRF01311

CONTAINER Clause

The CONTAINER clause applies when you are connected to a CDB. However, it is not necessary to specify the CONTAINER clause because its default values are the only allowed values.

To create a common role, you must be connected to the root. You can optionally specify CONTAINER = ALL, which is the default when you are connected to the root.

To create a local role, you must be connected to a PDB. You can optionally specify CONTAINER = CURRENT, which is the default when you are connected to a PDB.

Grant in Multitenant Architecture

https://docs.oracle.com/database/121/SQLRF/statements_9014.htm#SQLRF01603

CONTAINER Clause

If the current container is a pluggable database (PDB):

Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a user or role. The privilege or role is granted to the user or role only in the current PDB.

If the current container is the root:

Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a common user or common role. The privilege or role is granted to the user or role only in the root.

Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role.

If you omit this clause, then CONTAINER = CURRENT is the default.

Thekar

Thekar

So, the good answers are A and C.