OCP考试第7题

7. You need to configure fine-grained(细粒度) access control(访问控制) to external network resources from within(从....里面) your database.

你需要配置从数据库里面配置细粒度访问外部访问网络资源

You create an access control list (ACL) using the DBMS_NETWORK_ACL_ADMIN package. Which statement is true regarding the ACL created?

你通过DBMS_NETWORK_ACL_ADMIN包创建了一个ACL。哪句话关于ACL创建是正确的？

A. It is a list of remote database links stored in the XML file that are available to the users of the database.

这是存在XML文件中供给数据库用户使用的远程数据库链表。

B. It is a list of users and network privileges stored in the XML file according to which a group of users can connect to one or more hosts.

它是存储在XML文件中的用户和网络特权的列表，根据该列表，一组用户可以连接到一个或多个主机。

C. It is a list of users and network privileges stored in the data dictionary according to which a group of users can connect to one or more hosts.

它是存储在数据字典中的用户和网络特权的列表，根据该列表，一组用户可以连接到一个或多个主机。

D. It is the list of the host names or the IP addresses stored in the data dictionary that can connect to your database through PL/SQL network utility packages such as UTL_TCP.

它是存储在数据字典中的主机名或IP地址的列表，可以通过PL/SQL网络实用程序包（如UTL_TCP）连接到数据库。

知识点:ACL

Grant the connect and resolve privileges for host www.us.oracle.com to SCOTT.

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'www.xml',
                                    description => 'WWW ACL',
                                    principal   => 'SCOTT',
                                    is_grant    => true,
                                    privilege   => 'connect');
 
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'www.xml',
                                       principal => 'SCOTT',
                                       is_grant  => true,
                                       privilege => 'resolve');
 
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl  => 'www.xml',
                                    host => 'www.us.oracle.com');
END;
/
COMMIT;

通过以下语句可以查询
  SELECT host, lower_port, upper_port, acl,
     DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'SCOTT', 'connect'),
            1, 'GRANTED', 0, 'DENIED', null) privilege
     FROM dba_network_acls
    WHERE host IN
      (SELECT * FROM
         TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com')))
   ORDER BY DBMS_NETWORK_ACL_UTLITITY.DOMAIN_LEVEL(host) desc, lower_port, 
                                               upper_port;

查询结果如下：

   HOST                 LOWER_PORT UPPER_PORT         ACL          PRIVILEGE
   -------------------- ---------- ---------- -------------------- ---------
   www.us.oracle.com            80         80 /sys/acls/www.xml    GRANTED
   www.us.oracle.com          3000       3999 /sys/acls/www.xml    GRANTED
   www.us.oracle.com                          /sys/acls/www.xml    GRANTED
   *.oracle.com                               /sys/acls/all.xml
   *                                          /sys/acls/all.xml

答案：B  可以看到查询结果是xml文件。