The Problem

The following error is generated when creating a lockdown profile in application container of a PDB database.

ORA-65208: Lockdown profile P1 does not exist.

The Solution

When pdb_lockdown parameter is set in an application container using a CDB common user(e.g SYS), we look up lockdown profile defined in the CDB ROOT. In this test case, clearly, there is a lockdown profile name p1 defined in CDB$ROOT which doesn’t have OS_ACCESS disabled. If there was no lockdown profile named p1 in CDB$ROOT, the setting would have failed as below:

SQL> alter system set pdb_lockdown=p1;
alter system set pdb_lockdown=p1
ERROR at line 1:
ORA-65208: Lockdown profile P1 does not exist.

To test lockdown profiles created in APP ROOT, please use an application common user with appropriate privileges to set pdb_lockdown in the application container. (I understand that SYS can create lockdown profiles in APP ROOT but he can only set pdb_lockdown to a lockdown profile defined in CDB$ROOT)

SQL> alter system set pdb_lockdown=c##p2;

System altered.