Access Control Lists

Hello everyone ! Can somebody tell me abt good reference material for implementing ACLs (Access Control Lists)...? Standard and extended...
Thank you !

Configuring IP Access Lists
http://www.cisco.com/en/US/customer/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#netdiag
Configuring Commonly Used IP ACLs
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
If you find this post helpful, please don't forget to rate our posts accordingly. Thanks.

Similar Messages

ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP

I am getting following ACL error while executing following procedure:
create or replace procedure sat_proc as
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
exec sat_proc;
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "TRANSDBA.SAT_PROC", line 5
ORA-06512: at line 1
I am able to execute successfully while executing above code as PL/SQL block:
DECLARE
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
PL/SQL procedure successfully completed.
Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?

GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
SQL> set time on
17:21:01 SQL> set role none;
Role set.
17:21:23 SQL> @utl_http.sql
17:21:34 SQL> DECLARE
17:21:34   2 http_req utl_http.req;
17:21:34   3 http_resp utl_http.resp;
17:21:34   4 BEGIN
17:21:34   5 http_req := utl_http.begin_request('www.yahoo.com');
17:21:34   6 http_resp := utl_http.get_response(http_req);
17:21:34   7 utl_http.end_response(http_resp);
17:21:34   8 END;
17:21:34   9 /
PL/SQL procedure successfully completed.
17:21:35 SQL> connect / as sysdba
Connected.
17:22:47 SQL> connect dbadmin/admindb
Connected.
17:23:06 SQL> @utl_http.sql
17:23:22 SQL> DECLARE
17:23:22   2 http_req utl_http.req;
17:23:22   3 http_resp utl_http.resp;
17:23:22   4 BEGIN
17:23:22   5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:22   6 http_resp := utl_http.get_response(http_req);
17:23:22   7 utl_http.end_response(http_resp);
17:23:22   8 END;
17:23:22   9 /
PL/SQL procedure successfully completed.
17:23:23 SQL> set role none;
Role set.
17:23:29 SQL> @utl_http.sql
17:23:31 SQL> DECLARE
17:23:31   2 http_req utl_http.req;
17:23:31   3 http_resp utl_http.resp;
17:23:31   4 BEGIN
17:23:31   5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:31   6 http_resp := utl_http.get_response(http_req);
17:23:31   7 utl_http.end_response(http_resp);
17:23:31   8 END;
17:23:31   9 /
DECLARE
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 5
17:23:31 SQL> above is from test user
Below is from SYSDBA account
SQL> set time on
17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
revoke execute on sys.utl_http to dbadmin
ERROR at line 1:
ORA-00905: missing keyword
17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
revoke execute on sys.utl_http from dbadmin
ERROR at line 1:
ORA-04020: deadlock detected while trying to lock object
ACLiLZU+w09hR7gQAB/AQAjcw==
17:22:32 SQL> /
Revoke succeeded.
17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM

Access Control Lists on USB drive connected to AirPort Extreme

I have a Seagate 320GB drive mounted in a NexStar 2 IDE drive enclosure and connected via USB to my AirPort Extreme Base Station, running version 7.4.1 firmware upgrade.
Every time I restart the computer or unmount the network drive, an access control list appears to be written to the drive when there should be none, according to Disk Utility. I can tell when there are problems with the drive because the desktop icon turns from bright blue to grey-blue. I have to unmount the drive from the base station and connect it directly to the computer via firewire in order for Disk Utility to examine it. Generally, Disk Utility will report "Incorrect number of Access Control Lists (It should be 0 instead of (whatever number found) )
Does anyone know why these Access Control Lists are appearing? Is there any easy way to locate them and remove them, other than disconnecting it from the base station and connecting to the computer?
This problem happens with several different drives, in various NexStar 2 and NexStar 3 enclosures.

Same problem for me, exept that it happends after copying a file to the drive. It don't happend if I just mount and unmount the disc. The same for all discs I have tryed.
2009-03-04 12:59:30 +0100: Disk Utility started.
2009-03-04 12:59:43 +0100: Verifying volume “UltramaxB”
Starting verification tool: 2009-03-04 12:59:43 +0100
2009-03-04 12:59:43 +0100: Checking Journaled HFS Plus volume.
2009-03-04 12:59:43 +0100: Checking Extents Overflow file.
2009-03-04 12:59:43 +0100: Checking Catalog file.
2009-03-04 12:59:43 +0100: Checking multi-linked files.
2009-03-04 12:59:43 +0100: Checking Catalog hierarchy.
2009-03-04 12:59:43 +0100: Checking Extended Attributes file.
2009-03-04 12:59:43 +0100: Incorrect number of Access Control Lists
2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: (It should be 5427 instead of 5430)
2009-03-04 12:59:43 +0100: Checking volume bitmap.
2009-03-04 12:59:44 +0100: Checking volume information.
2009-03-04 12:59:44 +0100: 2009-03-04 12:59:44 +0100: The volume UltramaxB needs to be repaired.
2009-03-04 12:59:44 +0100: Error: Filesystem verify or repair failed.2009-03-04 12:59:44 +0100:
2009-03-04 12:59:44 +0100: Disk Utility stopped verifying “UltramaxB” because the following error was encountered:
Filesystem verify or repair failed.
2009-03-04 12:59:44 +0100:

Cannot sort in file/folder access control list in 8 or Server 2012

I use Windows 8 and Server 2012 Datacenter (with GUI). In 7/2008R2, I was formerly able to get properties on a file or folder, go to Security tab, click Advanced, and sort the access control list by type, access, inherited from, etc. Now, it
doesn't do anything when I click on the headings. I know I did not find this during the Beta or Release Preview periods, but I do wish this feature would be added back.
I tried to send this through MS Connect, but they said it was a Server 2008 issue. Does that mean that it was never supposed to sort? But I argue that 8 and Server 2012 have the bug. Here is an image of the window I am referring to, for
clarification:

This is really frustrating. Just got 2012 R2 management server and a week after, I noticed the same issue. The only difference is that I'm sorting AD delegation, with 150+ ACEs. While having huge lists of ACEs, it is a must of being able to sort them
by different columns. Sad that it is considered a bug - it's usually an opposite, when a bug is offered as a feature...
I still hope this will be fixed with time to come, else - it will be more practical to use PowerShell than such handicapped GUI.
MCSE, MCITP

HR User, REST example - network access denied by access control list (ACL)

Hi,
I am new to APEX and am running the 'Oracle Developer Days' vm. I'm logged into APEX as the default HR/oracle account and I've been following the 'Creating and Using a RESTful Web Service in Application Express 4.2' training video, however when I try to retrieve information by entering a dept no. and clicking submit I get:
ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
I've seen the following thread:
ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
and I've tried running the command:
GRANT EXECUTE ON SYS.UTL_HTTP TO HR;
but I'm not getting anywhere, presumably the HR user does not have permissions to access 'http://localhost:8888/apex/hr/employee_test'
Any help much appreciated, also if this is the wrong forum for this question please let me know.
Many Thanks

Hi,
Thank you for the link; I executed the first block of code to 'grant connect privileges to any host for the APEX_040200 database user' that did not work so I changed the user to HR within the code and re-executed and that seems to have done the trick. I guess the HR user is now in the power_users list/group?
Thanks again!

Problem while working with Access Control List assigned to Group

Hi,
We have a following scenario for which Access Control List is not Working.
We have a group "Webi_Grp" who should acess only Webi Reports (can perform all operations related to Webi).
Following Steps are performed but still no success...
Pl. review and provide the solutions.
1) Create a Group "Webi_Grp"
2) Create user "user3"
3) Assign User to a a group (Now user3 is part of Webi_Grp)
4) Create Access Ctrl List (ACL) "Webi_ACL"
5) Goto Included Rights section of "Webi_ACL" & select "YES" for all Webi Operations.
6) User Security in ACL shows
           a) Administrator -> Full Control (Inherited)
           b) Everyone -> No Access
7) Included Right for ACL has all Webi Rights as "GRANTED", all Deski Rights "DENY", & Few of the General Rights "GRANTED"
8) Go to Users & Group
9) Select "Webi_Grp"
10) User Security
11) Add Principal
12) Add "User3" and its Security as "Webi_ACL"
13) Thus User Security in "Webi Grp" shows
          a) Administrators -> Full Control
          b) "user3" -> Webi_ACL
14) Login With "user3", but still cant create any Webi Report
Pl. let me know any further settings are required or not.
Regards,
Purav

Hi James,
Thanks for help.
I have given ACL to Universe & now user can create Adhoc Query.
But while I run this query it gives following error "You Donot Have Rights to Access Data in this Universe"
When I check the rights status in ACL we have following rights granted for "System Universe"
Create & Edit Query Based on Universe
Data Access
Edit Access Restrictions
New List of Values
etc... all other rights in this category are granted.
Still problem persist.
Could you let me know where else should I check for permissions / rights for data access.
Regards,
Purav

ORA-24247: network access denied by access control list (ACL)

Hi All,
I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at line 8
I have created ACL using the following code
BEGIN
dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
description => 'Network permissions for mail.oracle.com',
principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
principal => 'OWF_MGR',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
host => '141.146.46.30');
END;
commit;
where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
Thanks.

For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');"

Can't Add To Access Control List Airport Express

We have both Airport Extreme (2) and Express Base Stations (3) to create a wireless network. On the Extremes I can click the Add button in Access Control in the Airport Admin Utility to add people to the list. On all the Express Base Staions I can edit or delete entries already on the list but can't add any new ones. I can export an Access Control List but not import one. The button is greyed out only the button works. I could add to the lists in the past and I'm not sure when it stopped working. The network structure and settings have not changed. Has anyone heard of this problem?
Aiport Express Mac OS X (10.4.8)

WDS is used on two Express units to relay the signal from the main base station but not on third one which is connected directly to the network via ethernet.
On the internet connected Express the Airport Network setting is:
Wireless Mode: Create a Wireless Network (Home Router)
All base stations have the same name to allow roaming.
Internet is connected using Ethernet.

Macbook pro + access control list

Hi everyone,
i hope someone can help me here. I keep trying to sign on to my wireless network with my macbook pro and it keeps giving me the error "this network uses an access control list and you're not on the list".....so i go into my router with my desktop and turn off the access control list, and it works until i put my mac to sleep. when it wakes up, the same error message comes up again. This has happened for the last 2 months or so.
I've tried adding the macbook pro to the access control list and turning off the access control list altogether....to no avail, i get the same error message no matter what i do. The only solution that's worked is if i reset my router every single time i wake up the mac.
I have an intel macbook pro circa 2007 running on os x tiger, my router is a netgear wireless G router. i've scoured the internet for answers but can't find anything, here's to hoping someone can help me. Thanks ahead.

When you turn off access control do you restart your router. Also take a look at this link, http://support.netgear.com/app/answers/detail/a_id/13112/~/securing-your-wireles s-network%3A-access-control-list

Designing a network with 6 base stations and an Access control lists

I have 6 airport extreme (802.11n) base stations setup in my studio.
I'm a little concerned about security as they're all setup individually (wireless mode: Create a wireless network) with the same Network names (mystudio) and WPA/WPA2 personal password so my roaming users don't have to keep entering passwords / experience dropouts etc
i have lots of freelancers who are in and out of the studio and there isn't anyway for me to monitor who is currently connected to my wifi network.
i'd like to setup a wireless network that only allows you to connect to the WIFI network only if your MAC address is on the access control list.
is this possible with Apple Airport extreme base stations or would it be a better idea for me to invest in a 3rd party product?
all the base station are connected to an Ethernet point and have static IP's assigned to them.
whats the best way to deploy such a solution;should i keep the setting as they are and manually enter the mac address for 30 portable machines on each base station or is there a more pragmatic solution...
any help / input would be much appreciated.
Thank You

When employing Access Control in a roaming network configuration, the MAC addresses would be required to be entered atr each of the base stations ... as there is no means (unfortunately) to have them "automatically" migrate amongst them.
However, one important thing to note. Only wireless security, using WPA or WPA2, will actually secure the wireless network. MAC addresses can easily be spoofed. Someone, determined to do so, can still access your network ... even if secured by Access Control.

ERROR    does not support access control lists

Please be patient ...
guiengine: login in process.
INFO       2004-07-19 16:33:45 [syxxcfile.cpp:346]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: q0w9e9r8t7.1.xml.
INFO       2004-07-19 16:33:45 [syxxcfile.cpp:446]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: q0w9e9r8t7.1.xml.
INFO       2004-07-19 16:33:45 [synxcnodut.cpp:339]
           CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\q0w9e9r8t7.1.xml.
INFO       2004-07-19 16:33:47 [syxxcfile.cpp:346]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.1.xml.
INFO       2004-07-19 16:33:47 [syxxcfile.cpp:446]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.1.xml.
INFO       2004-07-19 16:33:47 [synxcnodut.cpp:339]
           CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\keydb.1.xml.
INFO       2004-07-19 16:33:49 [ianxbusprv.cpp:337]
           CIaNtUserPrivileges::add_impl(., ASIAPACIFIC\chirutha, SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
Successfully added privileges 'SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege' to account 'ASIAPACIFIC\chirutha' on host '.'.
PHASE      2004-07-19 16:33:52 [iaxxcwalker.cpp:409]
           CDomWalker::printPhaseInfo()
Prepare the installation program.
INFO       2004-07-19 16:33:57 [iaxxcwalker.cpp:59]
           CDomWalker::walk()
Installation start: Monday, 19 July 2004, 16:33:45; installation directory: C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install; product to be installed: Sneak Preview Edition of SAP Web Application Server Java 6.40> Install SAP Web Application Server Java 6.40
INFO       2004-07-19 16:34:03
           CJSlibModule::writeLogEntry()
DNS is configured correctly.
INFO[E]    2004-07-19 16:34:07 [synxcfsmgt.cpp:126]
           CSyFileSystemMgtImpl::getFSExport(iastring)
File system export (share) saploc does not exist.
INFO[E]    2004-07-19 16:34:23 [synxcuser.cpp:98]
           CSyUserImpl::CSyUserImpl(const CUserData&, bool)
Account user="j2eadm" does not exist. <#1>
INFO[E]    2004-07-19 16:34:27 [synxcfsmgt.cpp:126]
           CSyFileSystemMgtImpl::getFSExport(iastring)
File system export (share) saploc does not exist.
INFO       2004-07-19 16:34:28
           CJSlibModule::writeLogEntry()
Looking for WebAS instances installed on this host...
INFO       2004-07-19 16:34:28
           CJSlibModule::writeLogEntry()
No installed instances found!
WARNING[E] 2004-07-19 16:34:29 [syxxcnamrs.cpp:125]
           PSyServicesEntry CSyIPNameResolverImpl::getServiceByName(const iastring& serviceName, const iastring& protocol) const
Error converting from service name=sapmsJ2E/protocol=tcp to port number. SAPRETURN=12
WARNING[E] 2004-07-19 16:34:29 [syxxcnamrs.cpp:334]
           PSyServicesEntry CSyIPNameResolverImpl::getServiceByPort(const unsigned int portNumber, const iastring& protocol) const
Error converting from port number=3601/protocol=tcp to service names. SAPRETURN=12
INFO[E]    2004-07-19 16:34:33 [synxcuser.cpp:98]
           CSyUserImpl::CSyUserImpl(const CUserData&, bool)
Account user="chiruthad1\j2eadm" does not exist. <#1>
INFO[E]    2004-07-19 16:34:38 [synxcuser.cpp:98]
           CSyUserImpl::CSyUserImpl(const CUserData&, bool)
Account user="chiruthad1\SAPServiceJ2E" does not exist. <#1>
INFO       2004-07-19 16:34:38 [syxxcfile.cpp:346]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/SAPinst_WAS/J2EE-CD/JDKVersion.xml to: ..
INFO       2004-07-19 16:34:38 [syxxcfile.cpp:446]
           CSyFileImpl::copy(iastring)
Copying file C:/Program Files/SAPinst_WAS/J2EE-CD/JDKVersion.xml to: ..
INFO       2004-07-19 16:34:38 [synxcnodut.cpp:339]
           CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\JDKVersion.xml.
INFO[E]    2004-07-19 16:34:38 [syxxccuren.hpp:192]
           CSyCurrentProcessEnvironmentImpl::getEnvironmentVariable(iastring)
Unable to get value for environment variable JAVA_HOME.
INFO       2004-07-19 16:34:39
           CJSlibModule::writeLogEntry()
Execution of the command "C:/j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
INFO       2004-07-19 16:34:40
           CJSlibModule::writeLogEntry()
Execution of the command "C:/j2sdk1.4.2_03/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_03
WARNING    2004-07-19 16:34:40
           CJSlibModule::writeLogEntry()
Directory C:/WINNT is not a valid JDK directory: the java executable is missing.
INFO       2004-07-19 16:34:40
           CJSlibModule::writeLogEntry()
Found valid JAVA_HOME directory C:\j2sdk1.4.2_04 with JDK version 1.4.2_04.
INFO       2004-07-19 16:34:40
           CJSlibModule::writeLogEntry()
Execution of the command "C:\j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
INFO[E]    2004-07-19 16:34:41 [syxxccuren.hpp:192]
           CSyCurrentProcessEnvironmentImpl::getEnvironmentVariable(iastring)
Unable to get value for environment variable SAPINST_DEBUG_TRACE.
INFO[E]    2004-07-19 16:34:46 [synxcfsmgt.cpp:126]
           CSyFileSystemMgtImpl::getFSExport(iastring)
File system export (share) saploc does not exist.
INFO[E]    2004-07-19 16:34:48 [synxcfsmgt.cpp:126]
           CSyFileSystemMgtImpl::getFSExport(iastring)
File system export (share) saploc does not exist.
INFO[E]    2004-07-19 16:35:09 [synxcfsmgt.cpp:126]
           CSyFileSystemMgtImpl::getFSExport(iastring)
File system export (share) saploc does not exist.
INFO       2004-07-19 16:35:22
           CJSlibModule::writeLogEntry()
Execution of the command "C:\j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
Transaction begin ********************************************************
ERROR      2004-07-19 16:35:22
           CJSlibModule::writeLogEntry()
The file system on drive C: does not support access control lists. Choose a different drive.
Transaction end **********************************************************
WARNING    2004-07-19 16:35:22 [iaxxccntrl.cpp:474]
           CController::stepExecuted()
The step checkParameters with step key J2EE_Workplace|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDefault|ind|ind|ind|WebAS|630|0|J2EE_Engine|ind|ind|ind|J2EE_Engine|630|0|checkParameters was executed with status ERROR.
SAPinst component stack:
========================
Preinstall|ind|ind|ind|ind|ind|0
Current script:
===============
if (context.getBool("installJ2EEEngine") && ! context.getBool('applyPatch')) {
ASSERT(arguments.callee, context.get("JAVA_HOME"), "JAVA_HOME ist not set.");
var jh = context.get("JAVA_HOME");
var len = jh.length;
if (jh.substr(len-1) == "/" || jh.substr(len-1) == "
    jh = jh.substr(0, len-1);
    context.set("JAVA_HOME", jh);
var versions = Java.readVersionFile(installer.getCD("J2EE"));
var version = Java.checkHome(jh, versions.minVersion, versions.maxVersion);
if (!version) {
    installer.writeErrorWithArray(Java.errorMessage);
} else if (Java.compareVersions(version, versions.maxVersion) != -1) {
    installer.writeWarningWithArray(Java.errorMessage);
var drives = ["WindowsDrive", "DBDataDrive", "DBRedologDrive", "DBSoftwareDrive"];
for (var i = 0; i < drives.length; ++i) {
var drive = context.get(drives<i>);
if (drive && ! check_drive(drive)) {
    installer.writeError("ind-rel.ind-os.ind-db.j2ee-eng.noFAT", drive);
WARNING    2004-07-19 16:36:48 [iaxxcsihlp.hpp:183]
           main()
An error occurred during the installation.
Exit status of child: 1

Hi Stefan,
Thanks.
Regards,
krishna

APEX and ORA-24247: network access denied by access control list (ACL)

Hi,
I try to send email with APEX.
I have enter the parameters of my mail server and activate the email on my application.
I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
+"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
Do you see what is wrong in my configuration ?
I use APEX 4.1, Oracle 11g.
The script that I have apply is :
DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID    RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_040100
-- the "connect" privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--+
-- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--+
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
+'connect') IS NULL THEN+
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
+'APEX_040100', TRUE, 'connect');+
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
+'ACL that lets power users to connect to everywhere',+
+'APEX_040100', TRUE, 'connect');+
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
+/+
COMMIT;
Thanks for your help,

Hi,
You need to grant privilege to the user.
i.e add principal
You can use script :
DECLARE
ACL_ID   RAW(16);
CNT      NUMBER;
BEGIN
-- Look for the object ID of the ACL currently assigned to ''*
SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
-- If just some users referenced in the ACL are invalid, remove just those
-- users in the ACL. Otherwise, drop the ACL completely.
SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
WHERE ACLID = ACL_ID AND
EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
IF (CNT > 0) THEN
FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
WHERE ACLID = ACL_ID AND
NOT EXISTS (SELECT NULL FROM ALL_USERS
WHERE USERNAME = PRINCIPAL)) LOOP
UPDATE XDB.XDB$ACL
SET OBJECT_VALUE =
DELETEXML(OBJECT_VALUE,
*'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
WHERE OBJECT_ID = ACL_ID;
END LOOP;
ELSE
DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
END IF;
END;
REM commit the changes.
COMMIT;
Or you need to add privilege to specific user/schema using following script:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
acl          => 'aclfilename.xml',
principal    => 'databaseuser',
is_grant     => TRUE,
privilege    => 'connect',
position     => null);
COMMIT;
END;
Please execute this code after connect as sysdba user.
Thanks & Regards,
Jaydipsinh Raulji
Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]

Another ORA-24247: network access denied by access control list (ACL)

Hi
We have just upgraded from 10g to 11g (DB version is 11.2.0.1.0), and i've have nothing but problems with ACL.
I've tried:
Creation code (as dba-user):
begin
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(’netacl.xml’,
‘Allow usage to the UTL network packages’, ‘ACLTEST’, TRUE, ‘connect’);
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(’netacl.xml’ ,’ACLTEST’, TRUE, ‘resolve’);
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'*’);
commit;
end;
Execution code (as ACLTEST):
declare
l_conn UTL_TCP.connection;
v_file ftp.TStringTable;
l_list ftp.t_string_table;
begin
l_conn := ftp.Logind('DOMAIN', 21, 'USERNAME', 'PASSWORD');
ftp.logout(l_conn);
end;
Error stack
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at “SYS.UTL_TCP”, line 17
ORA-06512: at “SYS.UTL_TCP”, line 246
ORA-06512: at “COMMON.FTP”, line 784
ORA-06512: at line 7
i've tried to add the domain in the acl with full port range with no luck:
begin
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'DOMAIN’,1,65000);
commit;
end;

Hi;
First what below query return
SELECT acl,
principal,
privilege,
is_grant,
to_char(start_date) ,
to_char(end_date)
FROM dba_network_acl_privileges;
Regard
Helios

Public parts not allowed to be used by the access control list

hi,
I have 2 DCs. DC1 and DC2. I want to use public parts of DC2 in DC1. When I try to do so in in the dependencies tab, I get the following error.
some public parts are not allowed to be used by the access control list.
how to resolve this error ?
Thanks !

Hi,
Sorry for the delayed response ....Both ends static routes are added for the connected test interfaces.....
Regards,
Mahesh

ORA-24247: network access denied by access control list (ACL) using FTP

What used to work on our 10g server now doesn't work on 11g. We recently migrated to a new server and this FTP download process is the only thing that is giving me problems.
I have tried using the IP Address and Domain name, opened up the ports 10 to 80 (just in case) and even tried FTPing to a local FTP site and cannot seem to get past the ORA-24247 error. At this point I am not sure what else to try. The FTP process worked great in 10g...
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.add_privilege (
acl => 'cwtoto_acl_file.xml',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'resolve',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '69.30.63.173',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.taglab.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '146.63.252.61',
lower_port => 10,
upper_port => 80
commit;
end;
Edited by: tfrawley on Jan 20, 2011 10:23 AM

So, I have contacted support to fix my inability to login to Oracle Support. In the meantime I'll just run through this problem one more time:
I executed the following:
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 1,
upper_port => 1000
commit;
end;
This should give me an ACL xml file and permission for CWT_OPERATOR to connect to ftp.rmpc.org on ports 1 through 1000.
I can look and see if the creation was successful: SELECT host, lower_port, upper_port, acl FROM dba_network_acls t ;
HOST LOWER_PORT UPPER_PORT ACL
1 ftp.rmpc.org 1 1000 /sys/acls/cwtoto_acl_file.xml
Looks good right?
So I test it using the following:
DECLARE
l_conn UTL_TCP.connection;
BEGIN
l_conn := ftp.login('ftp.rmpc.org','21','[email protected]','anonymous');
ftp.logout( l_conn);
END;
And get the following errors:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYSTEM.FTP", line 49
ORA-06512: at line 4
Has anyone else tried to use UTL_TCP and experienced a simliar issue?

Access Control Lists

Similar Messages

Maybe you are looking for