Question:
What does the
DBMS_NETWORK_ACL_ADMIN do" Can you show an example using
DBMS_NETWORK_ACL_ADMIN"
Answer:
The DBMS_NETWORK_ACL_ADMIN procedure is used to
create access control lists.
The creation of ACLs is a two step
procedure.
The first step is to create the
actual ACL and define the privileges for it:
The general syntax is as follows:
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => "file_name.xml",
description => "file description",
principal => "user_or_role",
is_grant => TRUE|FALSE,
privilege => "connect|resolve",
start_date => null|timestamp_with_time_zone,
end_date => null|timestamp_with_time_zone);
END;
The value connect for the
parameter privilege includes resolve!
This is necessary for the package UTL_INTADDR.
%
The parameter principal specifies the
first username granted the ACL and it is case
sensitive!
%
If you want to grant multiple users you must use the
DBMS_NETWORK_ACL.ADD_PRIVILEGE
procedure to add users.
Here is an example for an ACL:
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'sysdba-ch-permissions.xml',
description => "Permissions for sysdba network',
principal => "LUTZ',
is_grant => TRUE,
privilege => 'connect');
END;
This creates an xml file which holds a
list of users and privileges. This container is located
under /sys/acl/ in the XML DB.
The second step is to assign
network hosts to the ACL.
After the creation of the ACL you can
add hosts to it:
Below again you find the general
syntax:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => "file_name.xml",
host => "network_host",
lower_port =>
null|port_number,
upper_port => null|port_number);
END;
And here is an example:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'sysdba-ch-permissions.xml',
host => "*.sysdba.ch',
lower_port => 80,
upper_port => null);
END;
Also see my notes on
new acls in PL/SQL
|
|
|
|
|
Oracle Training from Don Burleson
The best on site
"Oracle
training classes" are just a phone call away! You can get personalized Oracle training by Donald Burleson, right at your shop!
|
|
|
|
| |
|
Burleson is the American Team
Note:
This Oracle
documentation was created as a support and Oracle training reference for use by our
DBA performance tuning consulting professionals.
Feel free to ask questions on our
Oracle forum.
Verify
experience!
Anyone
considering using the services of an Oracle support expert should
independently investigate their credentials and experience, and not rely on
advertisements and self-proclaimed expertise. All legitimate Oracle experts
publish
their Oracle
qualifications.
Errata?
Oracle technology is changing and we
strive to update our BC Oracle support information. If you find an error
or have a suggestion for improving our content, we would appreciate your
feedback. Just
e-mail:
 and include the URL for the page.
Copyright © 1996 - 2020
All rights reserved by
Burleson
Oracle ®
is the registered trademark of Oracle Corporation.
|
|
