What is the result of the revoke command?

Examine the commands executed in the root container of your multitenant container
database (CDB) that has multiple pluggable databases (PDBs):
SQL> CREATE USER c##a_admin IDENTIFIED BY orcl123;
SQL> CREATE ROLE c##role1 CONTAINER=ALL;
SQL> GRANT CREATE VIEW TO C##roleI CONTAINER=ALL;
SQL> GRANT c##role1 TO c##a_admin CONTAINER=ALL;
SQL> REVOKE c##role1 FROM c##a_admin;
What is the result of the revoke command?

Examine the commands executed in the root container of your multitenant container
database (CDB) that has multiple pluggable databases (PDBs):
SQL> CREATE USER c##a_admin IDENTIFIED BY orcl123;
SQL> CREATE ROLE c##role1 CONTAINER=ALL;
SQL> GRANT CREATE VIEW TO C##roleI CONTAINER=ALL;
SQL> GRANT c##role1 TO c##a_admin CONTAINER=ALL;
SQL> REVOKE c##role1 FROM c##a_admin;
What is the result of the revoke command?

A.
It executes successfully and the c##role1 role is revoked from the c##a_admin user only
in the root container.

B.
It fails and reports an error because the container=all clause is not used.

C.
It executes successfully and the c##rocl1 role is revoked from the c##a_admin user in the
root database and all the PDBs.

D.
It fails and reports an error because the comtainer=current clause is not used.

Show Hint

Leave a Reply 9

Your email address will not be published. Required fields are marked *

puntano

puntano

B

SQL> CREATE USER c##a_admin IDENTIFIED BY orcl123;
CREATE ROLE c##role1 CONTAINER=ALL;
GRANT CREATE VIEW TO C##role1 CONTAINER=ALL;
GRANT c##role1 TO c##a_admin CONTAINER=ALL;
REVOKE c##role1 FROM c##a_admin;
User created.

SQL>
Role created.

SQL>
Grant succeeded.

SQL>
Grant succeeded.

SQL>
REVOKE c##role1 FROM c##a_admin
*
ERROR at line 1:
ORA-01951: ROLE ‘C##ROLE1’ not granted to ‘C##A_ADMIN’

Reply

Tri

Tri

You are right!
B is correct answer after i did testing

SQL> REVOKE c##role1 FROM c##a_admin;
REVOKE c##role1 FROM c##a_admin
*
ERROR at line 1:
ORA-01951: ROLE ‘C##ROLE1’ not granted to ‘C##A_ADMIN’

SQL> REVOKE c##role1 FROM c##a_admin CONTAINER=ALL;

Revoke succeeded.

SQL>

Reply

Tri

Tri

Again B 🙂

Reply

Tri

Tri

B again. This CREATE USER c##a_admin IDENTIFIED BY orcl123; will create common user event container is not specified.

Reply

Vonpire

Vonpire

A is not correct!

C is correct.

If the current container is the root:

Specify CONTAINER = CURRENT to revoke a locally granted system privilege, object privilege, or role from a common user or common role. The privilege or role is revoked from the user or role only in the root. This clause does not revoke privileges granted with CONTAINER = ALL.

Specify CONTAINER = ALL to revoke a commonly granted system privilege, object privilege on a common object, or role from a common user or common role. The privilege or role is revoked from the user or role across the entire CDB. This clause can revoke only a privilege or role granted with CONTAINER = ALL from the specified common user or common role. This clause does not revoke privileges granted locally with CONTAINER = CURRENT. However, any locally granted privileges that depend on the commonly granted privilege being revoked are also revoked.

If you omit this clause, then CONTAINER = CURRENT is the default.

Reply

Vonpire

Vonpire

B is correct, not C, sorry for typo

Reply