As is true for most (though, admittedly not all) features of Oracle RDBMS, the support for honouring account status during SYSDBA/SYSOPER logons is available in Oracle multitenant environment as well. In addition, there are few Multi-tenant specific behavior, which is worth mentioning.
- Account status check happens for both PDB local as well as CDB common users
- Any container level local lock on a common user account is also honoured. So if the common user, who possesses administrative privileges, granted either commonly across the CDB or locally inside the PDB, is locked locally inside that PDB, any attempt to connect AS SYSDBA to that PDB will fail with ORA-28000 error.
- If the PDB, where the common user account is locked, is closed for business, the SYSDBA logon would go through successfully.
- Here too, SYS user is exempted from any container level lock, either a PDB local lock or CDB wide common lock.
- "SYS user exemption from account lock check" is NOT available in 220.127.116.11. This is true for PDB local lock as well.