A common role is a database role that exists in the root and in every existing and future pluggable database (PDB). Common roles are useful for cross-container operations, ensuring that a common user has a role in every container.
Every common role is either user-created or Oracle-supplied. All Oracle-supplied roles are common, such as DBA and PUBLIC. User-created common roles must have names starting with C## or c##, and must contain only ASCII or EBCDIC characters. For example, a multitenant container database (CDB) administrator might create common user c##dba, and then grant the DBA role commonly to this user, so that c##dba has the DBA role in any existing and future PDB.
A user can only perform common operations on a common role, for example, granting privileges commonly to the role, when the following criteria are met:
The user is a common user whose current container is root.
The user has the SET CONTAINER privilege granted commonly, which means that the privilege applies in all containers.
The user has privilege controlling the ability to perform the specified operation, and this privilege has been granted commonly.
For example, to create a common role, a common user must have the CREATE ROLE and the SET CONTAINER privileges granted commonly. Common roles created using Oracle Enterprise Manager Database Express (EM Express) must be created in the root.
See Also:
Oracle Database Concepts for more details about roles and privileges granted commonly in a CDB
Oracle Database Security Guide to learn how to manage common roles