RE: ACL question

From: Storey, Robert (DCSO)
Date: Thu, 30 Aug 2018 12:23:34 +0000
Message-ID: <FE4C2B093843BB4B873D754E5E0BE4DB01D2D092FA_at_DCSOSVMS02.dcso.org>



I have resolve added to the privileges as well as connect. Which I thought was redundant since the documentation I read said that the privilege of connect included resolve as well?

From: Stefan Knecht [mailto:knecht.stefan_at_gmail.com]
Sent: Wednesday, August 29, 2018 9:54 PM
To: Storey, Robert (DCSO)
Cc: oracle-l_at_freelists.org
Subject: Re: ACL question

It would help if you could dump the ACLs you have created (e.g. your calls to dbms_network_acl_admin and perhaps output of the data dictionary to show the ACL).

What's frequently tripped me over is not adding "resolve" as well as "connect".

On Thu, Aug 30, 2018 at 1:53 AM, Storey, Robert (DCSO) <RStorey_at_dcso.nashville.org> wrote:

Okay you ACL smart folks.

I’m new to ACL. I have a package that allows me to perform basic FTP using UTL_TCP and such. I created the acl using the SYS user so it owns it. I assigned an acl name and principal (sys). I then added the connect and resolve privileges for Sys to the ACL. I repeated this for SYSTEM.

I have an IP address that I do my FTP to. I did the Assign_acl command and assigned the IP to the ACL along with 21 as the upper and lower limit of the port.

A check of dba_network_acls shows the ACL exists and has the correct IP listed for HOST, the correct port numbers, and the correct ACL. A check of _acl_privileges shows the correct privileges for the sys user. When I attempt to open the connection using UTL_TCP.OPEN_CONNECTION with the host and port number, I get the ORA-024247 error about ACL permissions. I can’t get past this error.

I also checked the ACL via the EM page. It shows the ACL in its list, but when I view it, I don’t see any users listed in principal. It shows Sys as the owner, but it is not listed as part of the principals. Nor are the other 2 users I added privileges for.

Oh, and from the command line on the server I can FTP easily to the destination site. I am running toad from my workstation, connected to the database, and executing my test scripts there.

What am I missing? It’s gotta be something simple….

--

//
zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework! Visit us at http://zztat.net/ | _at_zztat_oracle | http://fb.me/zztat | http://zztat.net/blog/

--

http://www.freelists.org/webpage/oracle-l Received on Thu Aug 30 2018 - 14:23:34 CEST
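
Added example, not part of the original thread or any poster's code: one read-only way to produce the ACL dump requested above and to check the grants described in the original question. The host 192.0.2.10 is a placeholder for the FTP server's address, and 'SYS' is taken from the post as the account being tested.

```sql
-- Added example: read-only diagnostics for a network ACL created with
-- DBMS_NETWORK_ACL_ADMIN. '192.0.2.10' is a placeholder host; substitute the
-- value that was passed to ASSIGN_ACL.

-- 1. Which ACL is assigned to the host, and for which port range?
SELECT host, lower_port, upper_port, acl
FROM   dba_network_acls
WHERE  host = '192.0.2.10';

-- 2. What does that ACL grant, and does each principal match an existing
--    user or role? PRINCIPAL is case-sensitive, so an entry stored as 'sys'
--    does not match the account SYS.
SELECT p.acl, p.principal, p.privilege, p.is_grant,
       CASE
         WHEN p.principal = 'PUBLIC' THEN 'PUBLIC'
         WHEN u.username IS NOT NULL THEN 'user'
         WHEN r.role     IS NOT NULL THEN 'role'
         ELSE 'NO MATCHING USER OR ROLE'
       END AS principal_check
FROM   dba_network_acl_privileges p
       LEFT JOIN dba_users u ON u.username = p.principal
       LEFT JOIN dba_roles r ON r.role     = p.principal
WHERE  p.acl IN (SELECT acl
                 FROM   dba_network_acls
                 WHERE  host = '192.0.2.10')
ORDER  BY p.acl, p.principal, p.privilege;

-- 3. Ask the database how it evaluates the ACL for one account:
--    1 = granted, 0 = denied, NULL = no entry for that user and privilege.
SELECT a.acl,
       DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(a.acl, 'SYS', 'connect') AS can_connect,
       DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(a.acl, 'SYS', 'resolve') AS can_resolve
FROM   dba_network_acls a
WHERE  a.host = '192.0.2.10';
```

If query 1 returns no row, the assignment does not cover the host string being passed to UTL_TCP.OPEN_CONNECTION; if query 3 returns NULL, the ACL has no entry that matches the account name as written.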