Examine the commands executed in the root container of your multitenant container database (CDB) that has multiple pluggable databases (PDBs):

SQL> CREATE USER c##a_admin IDENTIFIED BY orcl123;
SQL> CREATE ROLE c##role1 CONTAINER=ALL;
SQL> GRANT CREATE VIEW TO c##role1 CONTAINER=ALL;
SQL> GRANT c##role1 TO c##a_admin CONTAINER=ALL;
SQL> REVOKE c##role1 FROM c##a_admin;

What is the result of the revoke command?
A. It executes successfully and the c##role1 role is revoked from the c##a_admin user only in the root container.
B. It fails and reports an error because the container=all clause is not used.
C. It executes successfully and the c##role1 role is revoked from the c##a_admin user in the root database and all the PDBs.
D. It fails and reports an error because the container=current clause is not used.
C
D
Sorry, B
A
If you omit this clause, then CONTAINER = CURRENT is the default.
Specify CONTAINER = CURRENT to revoke a locally granted system privilege, object privilege, or role from a common user or common role. The privilege or role is revoked from the user or role only in the root. This clause does not revoke privileges granted with CONTAINER = ALL.
B
SQL> GRANT c##role1 TO c##a_admin CONTAINER=ALL;
Grant succeeded.
SQL> REVOKE c##role1 FROM c##a_admin;
REVOKE c##role1 FROM c##a_admin
*
ERROR at line 1:
ORA-01951: ROLE 'C##ROLE1' not granted to 'C##A_ADMIN'
SQL> REVOKE c##role1 FROM c##a_admin CONTAINER=ALL;
Revoke succeeded.
Yes B is the correct answer!
CDB$ROOT@CDB12C> revoke c##role1 from c##admin container=current;
revoke c##role1 from c##admin container=current
*
ERROR at line 1:
ORA-01951: ROLE 'C##ROLE1' not granted to 'C##ADMIN'
CDB$ROOT@CDB12C> revoke c##role1 from c##admin container=all;
Revoke succeeded.
B
SQL> create user c##a_admin identified by "Oracle123";
User created.
SQL> create role c##role2 container=all;
Role created.
SQL> grant create view to c##role2 container=all;
Grant succeeded.
SQL> grant c##role2 to c##a_admin container=all;
Grant succeeded.
SQL> revoke c##role2 from c##a_admin;
revoke c##role2 from c##a_admin
*
ERROR at line 1:
ORA-01951: ROLE 'C##ROLE2' not granted to 'C##A_ADMIN'
SQL> revoke C##ROLE2 FROM C##A_ADMIN container=current;
revoke C##ROLE2 FROM C##A_ADMIN container=current
*
ERROR at line 1:
ORA-01951: ROLE 'C##ROLE2' not granted to 'C##A_ADMIN'
SQL> revoke C##ROLE2 FROM C##A_ADMIN container=all;
Revoke succeeded.
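
An added example, not part of the original thread: a way to check from the root how a role grant was made before choosing the CONTAINER clause for REVOKE, and to confirm that nothing is left afterwards. It uses the c##a_admin and c##role1 names from the question and assumes a session in CDB$ROOT that can query CDB_ROLE_PRIVS and DBA_ROLE_PRIVS and is allowed to revoke the role commonly.

```sql
-- Added example; run in CDB$ROOT. Names are the ones used in the question.
-- Assumption: the session can read the dictionary views below and may
-- revoke c##role1 commonly.

-- 1. How was the role granted, and in which containers is it visible?
--    COMMON = 'YES' means the grant was made with CONTAINER=ALL.
--    CDB_ views only return rows for containers that are open.
SELECT con_id, grantee, granted_role, common
FROM   cdb_role_privs
WHERE  grantee      = 'C##A_ADMIN'
AND    granted_role = 'C##ROLE1'
ORDER  BY con_id;

-- 2. Revoke each grant visible in the root with the scope it was given.
--    Revoking a common grant with CONTAINER=CURRENT (the default) raises
--    ORA-01951, as in the sessions above, so the clause is derived from COMMON.
SET SERVEROUTPUT ON
DECLARE
  v_stmt VARCHAR2(400);
BEGIN
  FOR r IN (SELECT grantee, granted_role, common
            FROM   dba_role_privs
            WHERE  grantee      = 'C##A_ADMIN'
            AND    granted_role = 'C##ROLE1')
  LOOP
    -- Identifiers come from the dictionary; quote them before concatenating.
    v_stmt := 'REVOKE ' || DBMS_ASSERT.ENQUOTE_NAME(r.granted_role, FALSE)
           || ' FROM '  || DBMS_ASSERT.ENQUOTE_NAME(r.grantee, FALSE)
           || CASE r.common WHEN 'YES' THEN ' CONTAINER=ALL'
                            ELSE ' CONTAINER=CURRENT' END;
    DBMS_OUTPUT.PUT_LINE(v_stmt);
    EXECUTE IMMEDIATE v_stmt;
  END LOOP;
END;
/

-- 3. Confirm that no open container still shows the grant (expect no rows).
SELECT con_id, common
FROM   cdb_role_privs
WHERE  grantee      = 'C##A_ADMIN'
AND    granted_role = 'C##ROLE1';
```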