It is throwing an error as expected because ALTER SYSTEM is disabled due to the PDB_LOCKDOWN setting.
ALTER LOCKDOWN PROFILE statement to alter a PDB lockdown profile. You can use PDB lockdown profiles in a multitenant environment to restrict user operations in pluggable databases (PDBs).
Create a lockdown profile:-
SQL> conn / as SYSDBA SQL> create lockdown profile lock_profile; Lockdown Profile created. SQL> ALTER LOCKDOWN PROFILE lock_profile DISABLE STATEMENT = ('ALTER SYSTEM'); Lockdown Profile altered. Connect in PDB database and check the default pdb_lockdown setting:-
SQL> ALTER SESSION SET CONTAINER = pdb1; System altered. SQL> SHOW PARAMETER PDB_LOCKDOWN NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ pdb_lockdown string DEFAULT_PDB_LOCKDOWN SQL> alter system checkpoint; System altered. We can now apply the lockdown profile to the pluggable database PDB1, simply by setting the pdb_lockdown parameter for that container.
SQL> ALTER SESSION SET CONTAINER = pdb1; System altered. SQL> SHOW PARAMETER PDB_LOCKDOWN NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ pdb_lockdown string DEFAULT_PDB_LOCKDOWN SQL> ALTER SYSTEM SET PDB_LOCKDOWN = lock_profile; System altered. SQL> SHOW PARAMETER PDB_LOCKDOWN; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ pdb_lockdown string lock_profile
Now from this PDB, fire ALTER SYSTEM statement:-
SQL> alter system checkpoint; alter system checkpoint * ERROR at line 1: ORA-01031: insufficient privileges
Recommended Posts