Preventing users from exercising system privileges on schema objects
In this recipe, to prevent users from exercising system privileges (such as select any table), you will first create a realm and then change it to a mandatory realm. The mandatory realm further restricts access to protected objects. Schema owners and users with object privileges cannot access mandatory realm-secured objects if they are not authorized in the realm.
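The realm-then-mandatory-realm flow described above, sketched with the DBMS_MACADM API as an added example (not the recipe's own code). It assumes a session in the PDB with the DV_OWNER role; the schema APP_OWNER and the realm name 'App Data Realm' are hypothetical.

```sql
-- Added example. APP_OWNER and 'App Data Realm' are hypothetical names.
-- Run in the PDB as a Database Vault owner (DV_OWNER role).

-- Step 1: regular realm (realm_type 0). This blocks access that relies on
-- system privileges such as SELECT ANY TABLE, but the schema owner and
-- users holding direct object grants can still reach the tables.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'App Data Realm',
    description   => 'Protects APP_OWNER tables',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 0);

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'App Data Realm',
    object_owner => 'APP_OWNER',
    object_name  => '%',
    object_type  => 'TABLE');
END;
/

-- Step 2: switch to a mandatory realm (realm_type 1). From now on even the
-- schema owner and object-privilege holders are denied unless authorized.
BEGIN
  DBMS_MACADM.UPDATE_REALM(
    realm_name    => 'App Data Realm',
    description   => 'Protects APP_OWNER tables (mandatory)',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 1);

  -- Authorize the owner explicitly so the application keeps working.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'App Data Realm',
    grantee      => 'APP_OWNER',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- Check the resulting realm type and its authorized grantees.
SELECT name, realm_type, enabled
  FROM dvsys.dba_dv_realm WHERE name = 'App Data Realm';
SELECT grantee, auth_options
  FROM dvsys.dba_dv_realm_auth WHERE realm_name = 'App Data Realm';
```

Authorizing the owner in the same block as the switch to mandatory avoids a window in which the application schema is locked out of its own tables.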
Getting ready
To complete this recipe, you'll need an existing common user who has a DBA role in the pluggable database PDB1 (for example, c##zoran).
How to do it...
1. Connect to a pluggable database (for example, pdb1) as a Database Vault account manager (for example, c##dbv_acctmgr):
   SQL> connect c##dbv_acctmgr@pdb1
2. Create a new local user in the pluggable database (for example, usr1):
   SQL> create user usr1 identified by oracle;
3. Connect to the pluggable database as a common user who has a DBA role in pdb1 (for example, c##zoran):
   SQL> connect...