ORA-24247: network access denied by access control list
2014-12-09 14:23
302 查看
Applies to:
PL/SQL - Version 11.1.0.6 and later
Information in this document applies to any platform.
***Checked for relevance on 26-Jun-20136***
Prior to 11gR1 you were able to run PL/SQL code making calls to the following Oracle Supplied Packages without error.
UTL_TCP
UTL_HTTP
UTL_SMTP
UTL_MAIL
After moving to 11gR1 or later you are now experiencing a form of the following error message...
ORA-24247: network access denied by access control list (ACL)
In 11gR1 the Oracle Database enhanced the level of security when users attempt to access External Network Services by implementing Access Control Lists (ACL) using the new DBMS_NETWORK_ACL_ADMIN package. The PL/SQL packages listed above were affected.
For more information on this change to Oracle Database Security please review the following
Solution
To resolve this error, connect to the database as a user with DBA privileges and issue the following script which will grant a user access to External Network Services. Be sure to replace the name of user
SCOTT with the name of the user in which you want to grant access. This value is case-sensitive.
BEGIN
-- Only uncomment the following line if ACL "network_services.xml" has already been created
--DBMS_NETWORK_ACL_ADMIN.DROP_ACL('network_services.xml');
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
acl => 'network_services.xml',
description => 'NETWORK ACL',
principal => 'SCOTT',
is_grant => true,
privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'network_services.xml',
principal => 'SCOTT',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
acl => 'network_services.xml',
host => '*');
COMMIT;
END;
Elapsed: 00:00:00.01
11:19:36 sys@warehous>BEGIN
11:20:20 2 DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
11:20:20 3 acl => 'mailserver_acl.xml',
11:20:20 4 description => 'Network connection permission for ACCT_MGR',
11:20:20 5 principal => 'DW001', -- Must be in upper case
11:20:20 6 is_grant => TRUE,
11:20:20 7 privilege => 'connect');
11:20:20 8 END;
11:20:20 9 /
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'mailserver_acl.xml',
host => '*',
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.04
11:20:20 sys@warehous>11:20:20 sys@warehous>11:20:20 2 11:20:20 3 11:20:20 4 11:20:20 5 lower_port => 25,
11:20:20 6 upper_port => 25);
11:20:20 7 END;
11:20:20 8 /
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.09
11:20:26 sys@warehous>
11:20:28 sys@warehous>
11:20:29 sys@warehous>commit;
Commit complete.
15:15:30 sys@warehous>select host, lower_port, upper_port, acl from dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
------------------------------ ---------- ---------- --------------------------------------------------
* 25 25 /sys/acls/mailserver_acl.xml
15:17:26 sys@warehous>select acl,
15:17:47 2 principal,
15:17:47 3 privilege,
15:17:47 4 is_grant
15:17:47 5 from dba_network_acl_privileges;
ACL PRINCIPAL PRIVILE IS_GRANT
-------------------------------------------------- ------------------------------ ------- --------------------
/sys/acls/mailserver_acl.xml DW001 connect true
PL/SQL - Version 11.1.0.6 and later
Information in this document applies to any platform.
***Checked for relevance on 26-Jun-20136***
Prior to 11gR1 you were able to run PL/SQL code making calls to the following Oracle Supplied Packages without error.
UTL_TCP
UTL_HTTP
UTL_SMTP
UTL_MAIL
After moving to 11gR1 or later you are now experiencing a form of the following error message...
ORA-24247: network access denied by access control list (ACL)
In 11gR1 the Oracle Database enhanced the level of security when users attempt to access External Network Services by implementing Access Control Lists (ACL) using the new DBMS_NETWORK_ACL_ADMIN package. The PL/SQL packages listed above were affected.
For more information on this change to Oracle Database Security please review the following
Solution
To resolve this error, connect to the database as a user with DBA privileges and issue the following script which will grant a user access to External Network Services. Be sure to replace the name of user
SCOTT with the name of the user in which you want to grant access. This value is case-sensitive.
BEGIN
-- Only uncomment the following line if ACL "network_services.xml" has already been created
--DBMS_NETWORK_ACL_ADMIN.DROP_ACL('network_services.xml');
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
acl => 'network_services.xml',
description => 'NETWORK ACL',
principal => 'SCOTT',
is_grant => true,
privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'network_services.xml',
principal => 'SCOTT',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
acl => 'network_services.xml',
host => '*');
COMMIT;
END;
Elapsed: 00:00:00.01
11:19:36 sys@warehous>BEGIN
11:20:20 2 DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
11:20:20 3 acl => 'mailserver_acl.xml',
11:20:20 4 description => 'Network connection permission for ACCT_MGR',
11:20:20 5 principal => 'DW001', -- Must be in upper case
11:20:20 6 is_grant => TRUE,
11:20:20 7 privilege => 'connect');
11:20:20 8 END;
11:20:20 9 /
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'mailserver_acl.xml',
host => '*',
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.04
11:20:20 sys@warehous>11:20:20 sys@warehous>11:20:20 2 11:20:20 3 11:20:20 4 11:20:20 5 lower_port => 25,
11:20:20 6 upper_port => 25);
11:20:20 7 END;
11:20:20 8 /
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.09
11:20:26 sys@warehous>
11:20:28 sys@warehous>
11:20:29 sys@warehous>commit;
Commit complete.
15:15:30 sys@warehous>select host, lower_port, upper_port, acl from dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
------------------------------ ---------- ---------- --------------------------------------------------
* 25 25 /sys/acls/mailserver_acl.xml
15:17:26 sys@warehous>select acl,
15:17:47 2 principal,
15:17:47 3 privilege,
15:17:47 4 is_grant
15:17:47 5 from dba_network_acl_privileges;
ACL PRINCIPAL PRIVILE IS_GRANT
-------------------------------------------------- ------------------------------ ------- --------------------
/sys/acls/mailserver_acl.xml DW001 connect true
相关文章推荐
- 记一次ORA-24247: network access denied by access control list (ACL)
- ORA-24247: network access denied by access control list (ACL)
- ORA-24247:network access denied by access control list (ACL) 的处理方法
- ORA-24247: network access denied by access control list (ACL)
- oracle 发送邮件(job,ORA-24247: network access denied by access control list (ACL))
- Windows Azure Virtual Network (10) 使用Azure Access Control List(ACL)设置客户端访问权限
- Access Control List and Process(如何设置DACL)
- Enhancing network controls in mandatory access control computing environments
- mount.nfs: access denied by server while mounting 192.168.0.104:/nfsboot
- ORA-07274: spdcr: access error, access to oracledenied.
- ORA-39181: Only partial table data may be exported due to fine grain access control on "OE"."PURCHAS
- XMLHttpRequest cannot load – Origin is not allowed by Access-Control-Allow-Origin.
- Oracle ACL(Access Control List)
- jquey XMLHttpRequest cannot load url.Origin null is not allowed by Access-Control-Allow-Origin
- Request header field Content-Type is not allowed by Access-Control-Allow-Headers跨域
- Ajax跨域get出现的Not allowed by Access-Control-Allow-Origin
- 向List Control中添加ACCESS数据内容
- Access Control List in .net
- Access Control List