Re: ACL issue

From: <>
Date: Tue, 31 Dec 2013 02:00:16 -0000
Message-ID: <75706C7211224C3DBEE3C6B69DAEB273_at_NAUTILUS>

Hi Sandra,
Do you know when the ACL was actually changed? What do the redo logs say? You might be able to narrow down the source of the change. RedoWalker could help Cheers,

From: Sandra Becker
Sent: Monday, December 30, 2013 8:59 PM
To: oracle-l
Subject: Re: ACL issue

Only batch jobs were processed between the successful run on Sunday morning and the run this morning. No one but DBAs can add/remove users from the ACL. I did not even log in to either database. Nothing automatically runs that will do the grants, or drop/create an ACL for that matter. The other DBAs are enjoying their week off--I'm the only one working. My biggest concern was that the ACL in production was somehow dropped.

Thanks for your thoughts.

On Mon, Dec 30, 2013 at 9:41 AM, Andrew Kerber <> wrote:

  This problem was almost certainly caused by user error. But another possibility is that a trigger was used improperly when adding and removing users from the ACL.

  On Mon, Dec 30, 2013 at 10:14 AM, Sandra Becker <> wrote:

    Oracle: 11gR2 EE

    OS: SunOS 5.10 Generic_148888-01 (64 bit)

    Access control lists were set up in several production and non-production databases about 4 years ago. Certain scheduled jobs use UTL_SMTP. They have been working successfully since they were set up. This morning at 4:00am, two databases began failing when trying to email. The other 50+ databases continues working correctly.

    While troubleshooting the issue, I noticed that the privilege for the specific user was no longer there in the non-production database and the acl was missing from the production database. I re-granted the privilege in the non-production database and the job completed successfully. I had to re-create the acl, assign the host, and grant the privilege to the specific user in the production database and the jobs began executing successfully again.


  1. What would cause this behavior? I have been the on-call DBA since Dec 25th and haven't even looked at these databases until I was paged this morning.
  2. Is this common? Is this something we should be checking for? I've been here only 4 months and the lead DBA isn't sure what might have been the root cause.

    Any suggestions are appreciated. Thank you.


    Transzap, Inc.

  Andrew W. Kerber

  'If at first you dont succeed, dont take up skydiving.'


Transzap, Inc.

-- Received on Tue Dec 31 2013 - 03:00:16 CET

Original text of this message