Oracle ACL (Access Control List)

In Oracle 11g, if you want to get the IP address or host name of the database server, you would normally run the following statements:

SELECT utl_inaddr.get_host_address FROM dual;  -- Get the IP address

SELECT utl_inaddr.get_host_name FROM dual;     -- Get the host name

This works without any extra setup in Oracle 9i and 10g, but in 11g you may get an error that at first looks inexplicable:

ORA-24247: network access denied by access control list (ACL)

 

The first thought is that some additional privilege is missing. Privileges are usually given with GRANT xxx TO user_name, but there is no system or object privilege that corresponds to this ACL, so GRANT cannot fix it.

An additional privilege really is required here. It is just granted in a completely different way: not with GRANT, but through a PL/SQL package (DBMS_NETWORK_ACL_ADMIN) that maintains access control lists for network services.

 

Fine-grained access to network services

To control network access in more detail, Oracle 11g introduced a separate access control mechanism for the PL/SQL packages that reach out to the network: UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP and UTL_INADDR. By default no user, not even one with EXECUTE on these packages, may use them to contact any host; a network ACL must explicitly grant it, per user and per target host.

Among these, UTL_SMTP and UTL_MAIL are mail related. For example, a trigger can use them to send an e-mail to the person in charge whenever rows are inserted into or deleted from certain tables.

 

Granting the privilege

To give a user access to the packages listed above, you run a PL/SQL block like the following. The three calls create the ACL, add a second privilege to it, and assign it to a host:

BEGIN

  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'abc.xml',    -- name of the ACL (stored as an XML file under /sys/acls in the XML DB repository); any name is fine, but it must not already exist
    description => 'ACL list',
    principal   => 'ARWEN',      -- the user (or role) that receives the privilege; this is case-sensitive, so normally uppercase
    is_grant    => TRUE,         -- TRUE grants the privilege, FALSE records an explicit deny
    privilege   => 'connect');   -- 'connect' is what UTL_TCP, UTL_HTTP, UTL_SMTP and UTL_MAIL need

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'abc.xml',
    principal => 'ARWEN',
    is_grant  => TRUE,
    privilege => 'resolve');     -- 'resolve' is what UTL_INADDR needs (host name / IP lookups)

  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl  => 'abc.xml',
    host => 'Oracle_Host_name'); -- network privileges are granted per target host, so name the machine here (for the UTL_INADDR calls above, that is the database server's own host name)

  COMMIT;                        -- the ACL changes are transactional and are only enforced after commit

END;
/
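As an added example that is not part of the original post, the block below carries the same procedure through for a hypothetical application user APP_USER that needs UTL_HTTP (connect) and UTL_INADDR (resolve) against a single internal host, and then shows how to confirm what was granted. The ACL name app_acl.xml, the user APP_USER and the host api.internal.example are all assumed names; the port range and the data-dictionary views are the standard 11g ones.

```sql
-- Added example (not from the original post). Assumed names: ACL file
-- app_acl.xml, database user APP_USER, target host api.internal.example.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'app_acl.xml',
    description => 'APP_USER: HTTP and name resolution for api.internal.example',
    principal   => 'APP_USER',         -- case-sensitive; must match DBA_USERS.USERNAME
    is_grant    => TRUE,
    privilege   => 'connect');

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'app_acl.xml',
    principal => 'APP_USER',
    is_grant  => TRUE,
    privilege => 'resolve');

  -- Bind the ACL to one host and limit 'connect' to one port (HTTPS).
  -- host => '*' would let APP_USER reach every host the database server can
  -- route to, so name the host explicitly and keep the port range narrow.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'app_acl.xml',
    host       => 'api.internal.example',
    lower_port => 443,
    upper_port => 443);

  COMMIT;   -- nothing is enforced until the transaction is committed
END;
/

-- Which ACLs exist and which host / port range each one covers
SELECT host, lower_port, upper_port, acl
  FROM dba_network_acls
 ORDER BY host;

-- Who is granted (or explicitly denied) what inside each ACL
SELECT acl, principal, privilege, is_grant
  FROM dba_network_acl_privileges
 ORDER BY acl, principal, privilege;

-- Direct check: 1 = granted, 0 = denied, NULL = principal not listed in this ACL
SELECT DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('app_acl.xml', 'APP_USER', 'connect') AS can_connect,
       DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('app_acl.xml', 'APP_USER', 'resolve') AS can_resolve
  FROM dual;
```

When ORA-24247 shows up in production, the two SELECTs on DBA_NETWORK_ACLS and DBA_NETWORK_ACL_PRIVILEGES are usually enough to see whether the host is simply not covered by any ACL, or is covered by an ACL that does not list the user. The CHECK_PRIVILEGE call then settles whether that ACL grants or denies the specific privilege.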

 

 

To delete the access control list created above:

BEGIN

DBMS_NETWORK_ACL_ADMIN.drop_acl ( acl => 'abc.xml');

END;

Dropping the list also removes the privileges of every user that had been granted them through that list.

 

For a detailed description of DBMS_NETWORK_ACL_ADMIN, see the official Oracle documentation:

http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm

 
