How to configure an ACL when ORA-24247 is reported

Source: Internet
Author: User

Preface:

Sending mail to an external server from Oracle 11g fails with ORA-24247. The detailed error message is as follows:

ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 127
ORA-06512: at "SYS.UTL_SMTP", line 150
ORA-06512: at "MIS_PKG", line 1175
ORA-06512: at "MIS_PKG", line 1207
ORA-06512: at line 1

A search of Oracle Metalink gives the following detailed description:

1. Cause: Oracle Database 11g introduces a new mechanism: you can grant execute permission on a package to anyone, but control the resources they can call through it. For example, utl_tcp can be limited to calling only a few IP addresses. This mechanism is called the access control list (ACL). If a host is in the ACL, you can reach it through utl_tcp; having execute permission on utl_tcp alone is not enough. Therefore, malicious processes cannot replace the utl_tcp package and establish illegal connections.

Fine grained auditing, enhanced in Oracle 11g, means that access to certain packages (UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, or UTL_INADDR) now requires specific access control lists to be defined for security reasons, instead of granting this access to PUBLIC and allowing all users to use them.

2. Solution

To allow access to any of the packages mentioned above, you need to grant it explicitly through access control lists. Below is an example of how to create one and assign the user USER1 the privilege to use the UTL_SMTP package, and therefore send email.

Run the script:

BEGIN
  -- Create the ACL and grant USER1 the connect privilege
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
    acl         => 'utl_smtp.xml',
    description => 'acl for utl_smtp package',
    principal   => 'USER1',
    is_grant    => TRUE,
    privilege   => 'connect');

  -- Assign the ACL to the mail server host
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    acl  => 'utl_smtp.xml',
    host => '<mail_server_ip>');

  -- ACL changes take effect only after commit
  COMMIT;
END;
/

3. Manage the ACL configuration

3.1 View the ACL configuration

SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
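
The view above shows hosts and ports but not who holds the privilege. The script in section 2 assigns the ACL without a port range, which leaves lower_port and upper_port NULL, so the grant covers every port on that host. The following audit query is an added example, not part of the original article: it joins DBA_NETWORK_ACLS to DBA_NETWORK_ACL_PRIVILEGES and flags broad grants, then checks the USER1 grant on utl_smtp.xml from this page. The "finding" labels are this example's own wording.

```sql
-- Added example: audit who may connect where through network ACLs.
-- Uses the 11g dictionary views DBA_NETWORK_ACLS and
-- DBA_NETWORK_ACL_PRIVILEGES; run as a user allowed to query DBA_ views.
SELECT a.host,
       a.lower_port,
       a.upper_port,
       p.principal,
       p.privilege,
       p.is_grant,
       p.start_date,
       p.end_date,
       CASE
         WHEN p.is_grant = 'true' AND p.principal = 'PUBLIC'
           THEN 'REVIEW: granted to PUBLIC'
         WHEN p.is_grant = 'true' AND a.host = '*'
           THEN 'REVIEW: any host'
         WHEN p.is_grant = 'true' AND a.host LIKE '*.%'
           THEN 'REVIEW: wildcard domain'
         WHEN p.is_grant = 'true' AND a.lower_port IS NULL
           THEN 'REVIEW: all ports on host'
         ELSE 'OK'
       END AS finding
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p
       ON p.aclid = a.aclid
ORDER  BY finding DESC, a.host, p.principal;

-- Confirm the effective privilege for one user on one ACL.
-- CHECK_PRIVILEGE returns 1 (granted), 0 (denied) or NULL (not set).
SELECT DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(
           'utl_smtp.xml', 'USER1', 'connect'),
         1, 'GRANTED',
         0, 'DENIED',
         'NOT SET') AS user1_connect
FROM   dual;
```

To narrow the grant to SMTP only, ASSIGN_ACL also accepts lower_port and upper_port parameters (for example 25 and 25).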

3.2 Delete the ACL configuration

BEGIN
  -- Drop the ACL created above
  DBMS_NETWORK_ACL_ADMIN.DROP_ACL (acl => 'utl_smtp.xml');
  COMMIT;
END;
/

Summary: ACLs are only available from 11g onward. Many enterprises set up email sending on 10g or earlier, and this error is reported once 11g is used. After the above configuration, you can finally send an email.
