Using UTL_SMTP to send email from your Oracle database has changed in Oracle 11g. Or, to be more precise, accessing the remote network has changed.

Initializing a remote connection using UTL_SMTP will typically result in the error below if you did not configure the database network Access Control Lists (ACLs) for the user involved.

-1. the error
===

SQL> DECLARE
  2    v_mailsever_host VARCHAR2(30) := 'mail.<domain>.nl';
  3    v_mailsever_port PLS_INTEGER  := 25;
  4    l_mail_conn  UTL_SMTP.CONNECTION;
  5  BEGIN
  6    l_mail_conn := UTL_SMTP.OPEN_CONNECTION( v_mailsever_host, v_mailsever_port);
  7  END;
  8  /
DECLARE
*
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 6

SQL> sho user
USER is "SCOTT"
SQL>

“Now what is this again !!!”

All right: in Oracle 11g you have to configure (grant) each and every network access point using so-called Access Control Lists (ACLs). Obviously user SCOTT is not configured to access the network point it is trying to reach here.

The docs are here, in ‘Managing Fine-Grained Access to External Network Services’: //docs.oracle.com/cd/B28359_01/network.111/b28531/authorization.htm#DBSEG40012

-0. check for current existing ACL’s
===
Let’s check out all Access Control Lists currently present in the database:

SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls ;

no rows selected

SQL>

All right, none present. Let’s create a new network access list using DBMS_NETWORK_ACL_ADMIN.

— privilege – Use ‘connect’ for UTL_TCP, UTL_SMTP, UTL_MAIL and UTL_HTTP access. Use ‘resolve’ for UTL_INADDR name/IP resolution. The text for the privilege is case sensitive. A list of all available network access privileges is in the DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE reference.

-1. create new list
===
Here we create a new ACL list ‘acl_test_for_scott.xml’ with default initial grantee user SCOTT.

BEGIN
  DBMS_NETWORK_ACL_ADMIN.create_acl (
    acl          => 'acl_test_for_scott.xml',
    description  => 'A test of the ACL functionality',
    principal    => 'SCOTT',
    is_grant     => TRUE,
    privilege    => 'connect',
    start_date   => SYSTIMESTAMP,
    end_date     => NULL);
  COMMIT;
END;
/

Now check if we can find this new ACL in the data dictionary:

SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;

no rows selected

?? Why does my newly created ACL ‘acl_test_for_scott.xml’ fail to show up?

OK… explained here – https://forums.oracle.com/forums/thread.jspa?threadID=2208522#jive-message-10494920 – new ACLs will only be visible once at least one access point has been assigned to the ACL (imho this is a bug).

OK next is adding an access point to our ACL.

-2. add access point to the new ACL
Add a network access point to the ACL list;

BEGIN
  DBMS_NETWORK_ACL_ADMIN.assign_acl (
    acl        => 'acl_test_for_scott.xml',
    host       => 'mail.<domain>.nl',
    lower_port => 80,
    upper_port => NULL);
END;
/

No sparky, mailservers usually listen on port 25…
OK, add another access point.

BEGIN
  -- Assign the SMTP port (25) on the mail host to the ACL
  DBMS_NETWORK_ACL_ADMIN.assign_acl (
    acl        => 'acl_test_for_scott.xml',
    host       => 'mail.********.nl',
    lower_port => 25,
    upper_port => NULL);
  COMMIT;
END;
/

-4. add another database user to the ACL list

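BEGIN
  -- Grant the 'connect' privilege in the existing ACL to a second user
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'acl_test_for_scott.xml',
    principal => 'PANNENKOEK',
    is_grant  => TRUE,
    privilege => 'connect');
  COMMIT;  -- ACL changes are transactional; commit so other sessions see the grant
END;
/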

-5. retrieve our new configuration from the dictionary

— query all access points (per ACL)

SQL> l
  1* select * from dba_network_acls
SQL> /

HOST       LOWER_PORT UPPER_PORT ACL
---------- ---------- ---------- ------------------------------
mail.**.nl         80         80 /sys/acls/acl_test_for_scott.xml
mail.**.nl         25         25 /sys/acls/acl_test_for_scott.xml

SQL>

— query ACL grants

SQL> l
  1  SELECT acl,
  2         principal,
  3         privilege,
  4         is_grant,
  5         TO_CHAR(start_date, 'DD-MON-YYYY') AS start_date,
  6         TO_CHAR(end_date, 'DD-MON-YYYY') AS end_date
  7* FROM   dba_network_acl_privileges
SQL> /

ACL                                 PRINCIPAL  PRIVILE IS_GR START_DATE  END_DATE
------------------------------      ---------- ------- ----- ----------- -----------
/sys/acls/acl_test_for_scott.xml    SCOTT      connect true  30-JAN-2013
/sys/acls/acl_test_for_scott.xml    PANNENKOEK connect true  30-JAN-2013

Now test again whether user SCOTT can create a TCP connection. It succeeds:

SQL> DECLARE
  2    v_mailsever_host VARCHAR2(30) := 'mail.<domain>.nl';
  3    v_mailsever_port PLS_INTEGER  := 25;
  4    l_mail_conn  UTL_SMTP.CONNECTION;
  5  BEGIN
  6    l_mail_conn := UTL_SMTP.OPEN_CONNECTION( v_mailsever_host, v_mailsever_port);
  7  END;
  8  /

PL/SQL procedure successfully completed.

I used the oracle-base.com send_mail procedure to quickly test: //www.oracle-base.com/articles/misc/email-from-oracle-plsql.php
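
The steps above leave the mistaken port 80 assignment in place, so a least-privilege clean-up and review is worth doing once the test succeeds. The following is an added example, not part of the original post; it assumes a DBA session and reuses the ACL name, the redacted host placeholder and the two principals shown on this page.

```sql
-- Added example (not from the original post). Run as a DBA.
-- 'mail.<domain>.nl' is the page's redacted host placeholder: substitute the
-- exact host string that was passed to assign_acl.

-- 1. Remove the port 80 access point that was assigned by mistake in step 2,
--    so the ACL only opens the SMTP port that is actually needed.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.unassign_acl (
    acl        => 'acl_test_for_scott.xml',
    host       => 'mail.<domain>.nl',
    lower_port => 80,
    upper_port => 80);
  COMMIT;
END;
/

-- 2. Effective network reach per principal: join the access points to the
--    grants and flag entries that are broader than a single host/port.
SELECT p.principal,
       p.privilege,
       p.is_grant,
       a.host,
       a.lower_port,
       a.upper_port,
       CASE
         WHEN a.host LIKE '*%'        THEN 'wildcard host'
         WHEN a.lower_port IS NULL    THEN 'all ports on host'
         WHEN p.principal = 'PUBLIC'  THEN 'granted to PUBLIC'
       END AS review_flag
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.acl = a.acl
ORDER  BY p.principal, a.host, a.lower_port;

-- 3. Ask the database how it evaluates the ACL for each grantee.
--    check_privilege returns 1 (granted), 0 (denied) or NULL (not set).
SELECT principal,
       DECODE(DBMS_NETWORK_ACL_ADMIN.check_privilege(
                'acl_test_for_scott.xml', principal, 'connect'),
              1, 'GRANTED', 0, 'DENIED', 'NOT SET') AS connect_status
FROM   (SELECT 'SCOTT' AS principal FROM dual
        UNION ALL
        SELECT 'PANNENKOEK' FROM dual);
```

After the clean-up, dba_network_acls should list only the port 25 row for the mail host.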

  • DBMS_NETWORK_ACL_ADMIN ( PL/SQL Packages and Types Reference)

  • Oracle Base – Fine-Grained Access to Network Services in Oracle Database 11g Release 1

Reposted from: https://blog.51cto.com/bsbforever/1639726
