How to unlock an account on multitenant RDS Oracle

Base on the Oracle RDS we can not connect tot CDB on RO instance.

But the interim solution for this is, you can connect between the destination and the source with public database link owned by the SYS$UMF user.

https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_UMF.html#GUID-D01FF454-BE38-453A-A975-1604D91EB1BA

create database links between the primary and read replica database, and create the RMF configuration. With these resources, we generate some read load on the read replica and then generate an AWR report.

Hello I understand the use of the database link to workaround the RO replicas restrictions, but the problem is that account SYS$UMF is locked on the primary. I cannot use it in a database link without the account unlock. And the unlock is not possible in the cdb instance without unlock it in the root instance first:

alter user SYS$UMF account unlock Error report - ORA-65146: account cannot be unlocked in a PDB while it is locked in the root 65146. 00000 - "account cannot be unlocked in a PDB while it is locked in the root" *Cause: An attempt was made to unlock a common user account in a pluggable database (PDB) which was locked in the root of the container database. *Action: Ensure that a common user account is not locked in the root before attempting to unlock it in a PDB.

For the same , I could not change its password:

alter user SYS$UMF identified by sysumf Error report - ORA-65066: The specified changes must apply to all containers 65066. 00000 - "The specified changes must apply to all containers" *Cause: An attempt was made to apply the specified changes to the current container. *Action: Specify CONTAINER=ALL.

If I add the container=all , is the same.

alter user SYS$UMF identified by sysumf container=all Error report - ORA-65040: operation not allowed from within a pluggable database 65040. 00000 - "operation not allowed from within a pluggable database" *Cause: An operation was attempted that can only be performed in the root or application root container. *Action: Switch to the root or application root container to perform the operation.

Beyond the replica restrictions, How I can unlock o or change a password of a commun account (in the root instance) in a PDB environment on a primary Oracle RDS instance?

Thanks

Hello, According to AWS documentation for Oracle Multitenant Architecture [+] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-multi-architecture.html

=> Note You can't access the CDB itself.

Hence, it is not possible to unlock or change a password of a common account in the root instance in a PDB environment on a primary Oracle RDS instance.

Unfortunately there is no workaround for this. You can keep an eye on AWS What’s New [1], AWS Database Blog [2] and AWS Forum [3] if there is any new notice on the availability. [1] https://aws.amazon.com/new/ [2] https://aws.amazon.com/blogs/database/ [3] https://forums.aws.amazon.com/index.jspa