In this recipe, to prevent users from exercising system privileges (such as select any table), you will first create a realm and then change it to a mandatory realm. A mandatory realm further restricts access to protected objects: schema owners and users with object privileges cannot access objects secured by a mandatory realm unless they are authorized in the realm.
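The regular-to-mandatory switch described above, sketched with the DBMS_MACADM API as an added example (it is not the recipe's own code). The Database Vault owner account c##dbv_owner, the realm name, and the HR.EMPLOYEES table are assumptions chosen for illustration.

```sql
-- Added example. Run as a user holding the DV_OWNER role
-- (c##dbv_owner is an assumed account name).
connect c##dbv_owner@pdb1

begin
  -- 1. Regular realm (realm_type 0): blocks access through system
  --    privileges such as SELECT ANY TABLE, but the schema owner and
  --    users with direct object grants can still reach the table.
  dbms_macadm.create_realm(
    realm_name    => 'Example HR Realm',          -- hypothetical name
    description   => 'Protects HR.EMPLOYEES',
    enabled       => dbms_macutl.g_yes,
    audit_options => dbms_macutl.g_realm_audit_fail,
    realm_type    => 0);

  dbms_macadm.add_object_to_realm(
    realm_name   => 'Example HR Realm',
    object_owner => 'HR',                         -- assumed schema
    object_name  => 'EMPLOYEES',                  -- assumed table
    object_type  => 'TABLE');

  -- 2. Mandatory realm (realm_type 1): from here on, the owner and
  --    object-privilege holders are blocked too unless authorized.
  dbms_macadm.update_realm(
    realm_name    => 'Example HR Realm',
    description   => 'Protects HR.EMPLOYEES',
    enabled       => dbms_macutl.g_yes,
    audit_options => dbms_macutl.g_realm_audit_fail,
    realm_type    => 1);

  -- 3. Explicitly authorize the accounts that must keep access.
  dbms_macadm.add_auth_to_realm(
    realm_name   => 'Example HR Realm',
    grantee      => 'HR',
    auth_options => dbms_macutl.g_realm_auth_owner);
end;
/

-- Review what is actually enforced: realm type, protected objects,
-- and the complete authorization list.
select name, realm_type, enabled
  from dvsys.dba_dv_realm where name = 'Example HR Realm';
select owner, object_name, object_type
  from dvsys.dba_dv_realm_object where realm_name = 'Example HR Realm';
select grantee, auth_options
  from dvsys.dba_dv_realm_auth where realm_name = 'Example HR Realm';
```

Because a mandatory realm also locks out the schema owner, check the authorization list before switching the type, so that application accounts relying on direct grants do not start failing.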
To complete this recipe, you'll need an existing common user who has a DBA role in the pluggable database PDB1 (for example, c##zoran).
Connect to a pluggable database (for example, pdb1) as a Database Vault account manager (for example, c##dbv_acctmgr):
SQL> connect c##dbv_acctmgr@pdb1
Create a new local user in the pluggable database (for example, usr1):
SQL> create user usr1 identified by oracle;
Connect to the pluggable database as a common user who has a DBA role in pdb1 (for example, c##zoran):
SQL> connect...