From Oracle 11g onward, network packages such as UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, and UTL_INADDR, which can be used to access external network resources, are more restricted and secured. Oracle 11g introduced fine-grained access to these packages: an Access Control List (ACL) must be created before any external network resource can be used through them. Before this, any user who had the execute privilege on these packages could do anything to any network resource, such as web servers and local mail servers. Now a user needs a little more than just the execute privilege on the network packages.

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "EDTS.ACCESS_URL", line 5
ORA-06512: at line 1

acl => Name of the Access Control List. This is an XML file which will be created in the /sys/acls directory by default.
description => Description of the ACL.
principal => Name of the user or role (case sensitive) to whom the permissions are being granted or denied.
is_grant => TRUE or FALSE, whether to grant or deny access.
privilege => connect or resolve (always lowercase). Whether the user can connect to the network resource or only resolve the network address.
start_date => Start date (optional) of the user's access.
end_date => End date (optional) of the user's access.

Example:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
    ACL         => 'EDTS_utl_http.xml',
    DESCRIPTION => 'Allow to call http url',
    PRINCIPAL   => 'EDTS',
    IS_GRANT    => TRUE,
    PRIVILEGE   => 'connect'
  );
  COMMIT;
END;

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL takes the following parameters:

acl => Name of the Access Control List.
host => Name of the host.
lower_port => Lower port (optional) of the range of ports allowed on this host.
upper_port => Upper port (optional) of the range of ports allowed on this host.

Example:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    ACL        => 'EDTS_utl_http.xml',
    HOST       => '*.myvaluefirst.com',
    LOWER_PORT => 60,
    UPPER_PORT => 8080
  );
  COMMIT;
END;
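
To review what the two calls above actually opened up, the queries below list every host assignment with its grantees and then check the EDTS grant directly. This is an added example, not part of the original page; it assumes a DBA session on 11g with access to the DBA_NETWORK_ACLS and DBA_NETWORK_ACL_PRIVILEGES dictionary views, and the column aliases host_scope, ports_open and edts_connect are made up for the example.

```sql
-- Added example: audit network ACL assignments for least privilege.
-- One row per (host assignment, grantee). Wildcard hosts and wide port
-- ranges are the entries to review first.
SELECT a.host,
       CASE WHEN a.host LIKE '*%' THEN 'wildcard' ELSE 'exact' END AS host_scope,
       a.lower_port,
       a.upper_port,
       -- number of ports covered; 'all' when no port range was assigned
       NVL2(a.lower_port,
            TO_CHAR(NVL(a.upper_port, a.lower_port) - a.lower_port + 1),
            'all')                                                AS ports_open,
       a.acl,
       p.principal,
       p.privilege,      -- connect or resolve
       p.is_grant,       -- 'true' = granted, 'false' = denied
       p.start_date,
       p.end_date
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p
       ON p.aclid = a.aclid
ORDER  BY a.host, a.lower_port, p.principal;

-- Check one principal against the ACL created above.
-- CHECK_PRIVILEGE returns 1 (granted), 0 (denied) or NULL (not set).
SELECT DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('EDTS_utl_http.xml', 'EDTS', 'connect'),
         1, 'GRANTED',
         0, 'DENIED',
         'NOT SET') AS edts_connect
FROM   dual;
```

For the assignment shown above, the first query reports a wildcard host with 8021 ports open (60 through 8080), which is worth narrowing to the ports the application really calls.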