Working with ACL

As sys USER:
----------------

exec DBMS_NETWORK_ACL_ADMIN.CREATE_ACL
(
acl=> 'EBIS.xml',
description => 'ACL for Test Purpose',
principal=> 'TESTADM',
is_grant=> true,
privilege =>'connect'
);


exec DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'Test.xml', host => '192.168.9.4');

select * from dba_network_acls;
select * from dba_network_acl_privileges;
select * from user_network_acl_privileges;
SELECT DISTINCT aclid, XD.DESCRIPTION FROM xds_acl xd;


If you want to unassign an host from an ACL please execute below procedure

begin
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(acl => 'Test.xml', host => '192.168.9.5');
end;
/


As a TESTADM USER:
-------------------

> select sys.utl_http.request('http://192.168.9.5') from dual;

ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 1



> select sys.utl_http.request('http://192.168.9.4') from dual;




...............
................
< width="50%" valign="middle" align="center">




-- means it works !!!


If we want to add a new principal to this ACL List. Please try with below code


Begin
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
(
acl => 'EBIS.xml',
principal => 'USER2',
is_grant => true,
privilege => 'connect',
position => null
);
COMMIT;
END
/


we can test by sending a sample mail

create or replace procedure test_mail is
mailhost VARCHAR2(30) := '192.168.10.74';
mail_conn utl_smtp.connection;
mesg varchar2(32767);
crlf CONSTANT VARCHAR2(2) := CHR(13) || CHR(10);
text varchar2(32767);

begin
text := 'text_sample';
mail_conn := utl_smtp.open_connection(mailhost, 25);
utl_smtp.helo(mail_conn, mailhost);
mesg := 'Subject: DBA ALERTS' || crlf || 'To: ' || crlf ||
'Mime-Version: 1.0' || crlf ||
'Content-Type: text/html; charset=BLT8MSWIN1257' || crlf || text;
utl_smtp.mail(mail_conn, 'saifur.rashid@saif.com');
utl_smtp.rcpt(mail_conn, 'saifur.rashid@saif.com');
utl_smtp.data(mail_conn, mesg);
utl_smtp.quit(mail_conn);
end test_mail;


exec test_mail;


NB: for more command reference please visit
http://psoug.org/reference/dbms_network_acl_admin.html
http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm

Comments

  1. obaidOctober 9, 2010 at 9:45 PM

    Thanks shaon, it was a great help for us and for our development team !!

    ReplyDelete

Post a Comment

Popular posts from this blog

Restoring Master, Model and MSDB from Netbackup

Restoring System Databases got two parts: Taking the instance in single user mode and Restoring the Master Database If you need to rebuild the system databases on top of this you can use the below command: "C:\Program Files\Microsoft SQL Server\ 100 \Setup Bootstrap\ SQLServer2008R2 \setup.exe" /ACTION=REBUILDDATABASE /INSTANCENAME=SQL008 /SQLSYSADMINACCOUNTS=domain\ServiceUserName /SAPWD="yourpasswordOfSAuser" /SQLCOLLATION="Latin1_General_CI_AS" here 100 is for SQL Server 2008R2. It can vary case by case. How to take instance to single user mode: Two situation can happen: 1. Standalone Instance  2. Failover Cluster Instance 1. Standalone Instance: Go to SQL Config Manager SQL Service Properties -> Advanced Properties -> Startup Parameters put -m; in the Startup Parameters Apply and Okay - it will ask to restart the SQL Service to take effect. Stop and Start the service from Config Manager or you can stop and serv...
Read more

Oracle Job Operations

As a DBA, often I need to deal with Client's Jobs. Sometimes the jobs got hault, needs to break etc etc. Here are some useful commands for this sort of operations. ## Job Owner Schema can do this execute dbms_job.remove(444); execute dbms_job.broken(444, true); ## If Sys User needs to remove the job exec SYS.DBMS_IJOB.REMOVE(444); ## to find which jobs are running SELECT a.sid, c.serial#, a.job, a.failures, to_char(a.this_date, 'mm/dd/yyyy hh:mi pm') startdatetime, b.what FROM dba_jobs_running a, dba_jobs b, v$session c WHERE a.job = b.job AND a.sid = c.sid order by a.this_date ##let say we have only sid and serial and we need to kill the process from both OS and database. So first we need to find out the SPID. this query for any RAC database select P.SPID ,S.SID ,S.SERIAL#, S.SCHEMANAME, S.PROGRAM, S.INST_ID, S.OSUSER, S.STATUS from gv$process p, gv$session s where P.ADDR=S.PADDR and S.SID=888 and s.serial#=9293; ## kill the job al...
Read more