How to configure an ACL report ORA-24247
Preface:
ORA-24247 errors when sending messages to external via Oracle 11, detailed error messages are as follows:
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS. UTL_TCP", line 17
ORA-06512: at "SYS. UTL_TCP", line 246
ORA-06512: at "SYS. UTL_SMTP", line 127
ORA-06512: at "SYS. UTL_SMTP", line 150
ORA-06512: at & quot; MIS_PKG & quot;, line 1175
ORA-06512: at & quot; MIS_PKG & quot;, line 1207
ORA-06512: at line 1
A detailed description of oracle metalink search is as follows:
1. Cause: Because Oracle Database 11g has a new solution: You can grant the execution permission package to anyone, but control the resources they can call. For example, utl_tcp can be limited to calling only a few IP addresses. This mechanism is called the access control list (ACL ). If the host is in the ACL, you can use it in utl_tcp. However, it is not enough to have the execution permission for utl_tcp. Therefore, malicious processes cannot replace the utl_tcp package and establish illegal connections.
Fine grained auditing, enhanced in Oracle 11g, means access to certain packages (UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, or UTL_INADDR) now require specific access lists to be defined for security reasons instead of granting this access to PUBLIC and allowing all users access to them.
Ii. Solution
To allow access to any of the preceding packages, you must explicitly grant them access control lists. For example, if you create one and assign the user USER1 privilege to use UTL_SMTP pacakge, then send an email.
In order to allow access to any of the above mentioned packages, you will need to explicitly grant it via Access Control Lists. below is an example of how to create one, and assign the user USER1 the privilege to use the UTL_SMTP pacakge, and therefore send email.
Run the script:
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
Acl => 'utl _ SMTP. xml ',
Description => 'acl for utl_smtp package ',
Principal => 'user1 ',
Is_grant => TRUE,
Privilege => 'connect ');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
Acl => 'utl _ SMTP. xml ',
Host => '<mail_server_ip> ');
END;
/
3. Manage acl Configuration
3.1 view acl Configuration
SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
3.2 delete acl Configuration
BEGIN
DBMS_NETWORK_ACL_ADMIN.drop_acl (acl => 'utl_smtp.xml ');
COMMIT;
END;
/
Summary: ACL is only available after 11 GB. Many enterprises set up to send emails from 10 Gb or earlier. However, this error is reported when 11 GB is used, after the above configuration, you can finally send an email.
Migration from 32-bit to 64-bit for a single Oracle instance
Install Oracle 11gR2 (x64) in CentOS 6.4)
Steps for installing Oracle 11gR2 in vmwarevm
Install Oracle 11g XE R2 In Debian
Oracle RAC 11.2 (12C) correctly closes the order