In administering the PDB, the parameters can be changed as described at the PDB level. You can also change these parameters for a PDB at the CDB level.
The changes can be restricted so that only CDB administrators can modify these settings for the PDB. This will allow the CDB DBAs to know how many PDBs are in the CDB and manage it.
The changes will be kept even while the sysdba user in each PDB can have the DBA permissions in the PDB and administer the PDB.
This really provides another level of security or separation of duties to make sure that the PDB parameters are managed in a way to fit with the overall environments.
Restrict what makes sense for the environment and other parameters are allowed in the PDB by the administrators or DBAs for the PDBs.
This is done with PDB_LOCKDOWN. The lockdown profile is created and set for a PDB, and the commands are added to the profile to restrict PDB DBAs from changing the configurations, such as those set with CPU, memory, etc.
In the CDB here is a quick overview of creating PDB_LOCKDOWNs:
SQL> create lockdown profile pdbprofile1;
SQL> alter lockdown profile pdbprofile1 disable statement=(‘alter system’) clause=(‘set’) option all;
This will lock down and disable any alter system set commands for the users, including DBA privileged users, in the PDB and not allow these type of changes in the PDB where this is enabled.
SQL> alter session set container=mmpdb; SQL> show parameter pdb_lockdown
NAME TYPE VALUE
pdb_lockdown string
SQL> alter system set pdb_lockdown=pdbprofile1;
You can view the parameters in PDB_LOCKDOWN:
SQL> show parameter pdb_lockdown
NAME TYPE VALUE
pdb_lockdown string PDBPROFILE1
Oracle has dynamic lockdown profiles that allow for additional parameter settings, resource manager plans, and options. They are dynamic because they do not require that the PDB be restarted and take effect immediately.
Viewing PDB History
If you need to view when a PDB was created, you can query the CDB_PDB_HISTORY view, as shown here:
SQL> COL db_name FORM A10 SQL> COL con_id FORM 999 SQL> COL pdb_name FORM A15
SQL> COL operation FORM A16 SQL> COL op_timestamp FORM A10
SQL> COL cloned_from_pdb_name FORMAT A15 —
SQL> SELECT db_name, con_id, pdb_name, operation, op_timestamp, cloned_from_pdb_name
FROM cdb_pdb_history WHERE con_id > 2 ORDER BY con_id;
Here is some sample output:
DB_NAME CON_ID PDB_NAME OPERATION OP_TIMESTA CLONED_FROM_PDB
CDB 3 SALESPDB CREATE 04-DEC-12 PDB$SEED
CDB 4 HRPDB CREATE 10-FEB-13 PDB$SEED
In this way, you can determine when a PDB was created and from what source.
