ORA-24247
I'm trying to execute the folowing SQL statement from a report page:
-- BEGIN OF SQL STATEMENT
select extractValue(value(t), '/configuracao/Logradouro/text()') as logradouro,
extractValue(value(t), '/configuracao/Bairro/text()') as bairro,
extractValue(value(t), '/configuracao/Cidade/text()') as cidade,
extractValue(value(t), '/configuracao/UF/text()') as uf
from
table(
xmlsequence(
extract(
httpuritype('http://200.198.216.135/enderecador/requisicao/xmlPesquisa.cfm?cep=29102010&chave=50DB92AC-BCDF-F187-71392CFBAB2A673E').getXML(), '/'
) t
-- END OF SQL STATEMENT
That SQL statement executes without any error when I am connected as system using SQL Developer. But, when I execute the statement from Apex, this error return:
ORA-29273: falha na solicitação HTTP
ORA-06512: em "SYS.UTL_HTTP", line 1674
ORA-24247: acesso à rede negado pela ACL (access control list)
I did every step of the post installation taks, including the acl grant. But until now I could not execute the statement.
How can I solve that?
Well, until now I could not find a solution to the problem... the oracle documentation did not help in this case...
And the more strange: the SQL statement executes perfectly inside SQL Workshop, but results in ACLs error when inside a report region on page...
Please, help!
Similar Messages
-
Error ORA-24247 after migrating from 10g to 11g
Hi all,
After a migration from a 10.2.0.3 (32bits) database to a 11.2.0.3 (64bits) database, we are facing a problem related to the UTL_SMTP package. I vale already created a ACL, as you can see below:
-- create acl
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (acl => 'user_processos.xml',
description => 'abc',
principal => 'PROCES',
is_grant => TRUE,
privilege => 'connect');
END;
-- assign acl
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (acl => 'user_processos.xml'
host => 'rac-abc',
lower_port => 1521,
upper_port => NULL);
END;The problem is: After we try to execute a procedure that calls UTL_SMTP, with user PROCES the error ORA-24247 is raised. I did some research and they all point to the it is necessary to create an ACL to solve this probles, but the ACL already exists, as you can see above.Hi,
I had the same issue, well multiple issues, with this at first. You should find the solution in one of these links. Make sure you have done each step in the lists and it will work.
[url http://www.ora00600.com/scripts/databaseconfig/ORA-29278.html]ORA-29278 SMTP
[url http://www.ora00600.com/scripts/11g/UTL_SMTP_ORA-06512.html]ORA-06512: at SYS.UTL_SMTP
There are various parameters and configuration steps you need to make sure you have performed for it to work.
Hopefully that helps,
Rob
Edited by: Rob_J on Feb 15, 2013 11:53 AM
*link was not working -
ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
I am getting following ACL error while executing following procedure:
create or replace procedure sat_proc as
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
exec sat_proc;
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "TRANSDBA.SAT_PROC", line 5
ORA-06512: at line 1
I am able to execute successfully while executing above code as PL/SQL block:
DECLARE
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
PL/SQL procedure successfully completed.
Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
SQL> set time on
17:21:01 SQL> set role none;
Role set.
17:21:23 SQL> @utl_http.sql
17:21:34 SQL> DECLARE
17:21:34 2 http_req utl_http.req;
17:21:34 3 http_resp utl_http.resp;
17:21:34 4 BEGIN
17:21:34 5 http_req := utl_http.begin_request('www.yahoo.com');
17:21:34 6 http_resp := utl_http.get_response(http_req);
17:21:34 7 utl_http.end_response(http_resp);
17:21:34 8 END;
17:21:34 9 /
PL/SQL procedure successfully completed.
17:21:35 SQL> connect / as sysdba
Connected.
17:22:47 SQL> connect dbadmin/admindb
Connected.
17:23:06 SQL> @utl_http.sql
17:23:22 SQL> DECLARE
17:23:22 2 http_req utl_http.req;
17:23:22 3 http_resp utl_http.resp;
17:23:22 4 BEGIN
17:23:22 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:22 6 http_resp := utl_http.get_response(http_req);
17:23:22 7 utl_http.end_response(http_resp);
17:23:22 8 END;
17:23:22 9 /
PL/SQL procedure successfully completed.
17:23:23 SQL> set role none;
Role set.
17:23:29 SQL> @utl_http.sql
17:23:31 SQL> DECLARE
17:23:31 2 http_req utl_http.req;
17:23:31 3 http_resp utl_http.resp;
17:23:31 4 BEGIN
17:23:31 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:31 6 http_resp := utl_http.get_response(http_req);
17:23:31 7 utl_http.end_response(http_resp);
17:23:31 8 END;
17:23:31 9 /
DECLARE
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 5
17:23:31 SQL> above is from test user
Below is from SYSDBA account
SQL> set time on
17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
revoke execute on sys.utl_http to dbadmin
ERROR at line 1:
ORA-00905: missing keyword
17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
revoke execute on sys.utl_http from dbadmin
ERROR at line 1:
ORA-04020: deadlock detected while trying to lock object
ACLiLZU+w09hR7gQAB/AQAjcw==
17:22:32 SQL> /
Revoke succeeded.
17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM -
FRM-40735:when-button-pressed trigger raised unhandled exception ORA-24247
hi all
i am using form 10g release2 i am having a problem
when i use the following stored procedure in form then i am getting this
error.
FRM-40735:when-button-pressed trigger raised unhandled exception ORA-24247
but the same code working fine when i use in SQLPLUS.
CREATE OR REPLACE PROCEDURE mail_attach (dir1 VARCHAR2, filename VARCHAR2)
AS
l_output utl_file.file_type;
l_file RAW(32767);
l_size NUMBER;
BLOCK NUMBER;
b BOOLEAN;
l_start NUMBER := 1;
TYPE ARRAY IS TABLE OF VARCHAR2(255);
l_data ARRAY := ARRAY([email protected]');
BEGIN
UTL_FILE.FGETATTR(dir1, filename, b, l_size, BLOCK);
l_output := utl_file.fopen('BACKUP', 'code.txt', 'r' );
utl_file.get_raw(l_output, l_file, l_size);
utl_file.fclose( l_output );
FOR i IN l_start .. l_data.COUNT
LOOP
UTL_MAIL.SEND_ATTACH_RAW (
sender => 'Mailer',
recipients => l_data(i),
subject => 'Data for ' || TO_CHAR((SYSDATE-1),'DD-MON-YYYY'),
attachment => l_file,
message => 'Dear User, Please find attached the upload
data for the period mentioned in the subject line.',
att_inline => FALSE,
att_filename => filename);
l_start := l_start + 1;
END LOOP;
END;and this is used in form when-button-pressed trigger.
BEGIN
mail_attach('UTL_PATH','code.txt');
message('FIle send successfully');
message('File send successfully');
END;hi
Mehwish now check the following code and its working fine with me in form..........
declare
dir1 VARCHAR2(200);
--filename VARCHAR2(200):='Logon.jpg';
filename VARCHAR2(200);
l_output utl_file.file_type;
l_file RAW(32767);
l_size NUMBER;
BLOCK NUMBER;
b BOOLEAN;
l_start NUMBER := 1;
TYPE ARRAY IS TABLE OF VARCHAR2(255);
l_data ARRAY := ARRAY('[email protected]');
BEGIN
-- EXECUTE IMMEDIATE 'ALTER SESSION SET smtp_out_server = ''192.168.56.103:25''';-- this is IP address and port of the server
UTL_FILE.FGETATTR(dir1, :filename, b, l_size, BLOCK);
--select directory_path into :filepath from dba_directories where directory_name='BACKUP';
l_output := utl_file.fopen('BACKUP',:filename, 'r' );-- i added :filename as a text item.
utl_file.get_raw(l_output, l_file, l_size);
utl_file.fclose( l_output );
FOR i IN l_start .. l_data.COUNT
LOOP
UTL_MAIL.SEND_ATTACH_RAW (
sender => 'Mailer',
recipients => l_data(i),
subject => 'Data for ' || TO_CHAR((SYSDATE-1),'DD-MON-YYYY'),
attachment => l_file,
message => :f,-- this is message item.
att_inline => FALSE,
att_filename => :filename);--this is attachment file name.
l_start := l_start + 1;
END LOOP;
message('File Send Successfully');
message('File Send Successfully ');
END;hope this helps you.
Attachment and mail are working fine with me, i can send attachment..............
sarah -
ORA-24247: network access denied by access control list (ACL)
Hi All,
I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at line 8
I have created ACL using the following code
BEGIN
dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
description => 'Network permissions for mail.oracle.com',
principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
principal => 'OWF_MGR',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
host => '141.146.46.30');
END;
commit;
where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
Thanks.For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');" -
Ora-24247 (ACL Error ) is coming in Oracle SE not in Oracle EE
Hi
I am using the below select statement to get the host ipaddress
select utl_inaddr.GET_HOST_ADDRESS into v_HostIPAddress from dual;
It's Working fine when i am running in the SQL Prompt .it is giving me the correct ip address but when i have included this piece of code in the procedure then it's giving me the error
Sample Code which i am using :
procedure getPatAPI(p_Id IN varchar2,
p_path in out varchar2) is
v_HostIPAddress varchar2(20);
begin
select utl_inaddr.GET_HOST_ADDRESS into v_HostIPAddress from dual;
EXCEPTION
WHEN OTHERS THEN
raise_application_error(-20001,
'getPathAPI:' ||
SQLCODE || ' -ERROR- ' || SQLERRM);
end;
Try to execute by passing the p_Id = 1 then giving the
Error:
ERROR- ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_INADDR", line 19
ORA-06512: at "SYS.UTL_INADDR", line 40
ORA-06512: at line 1
I have run these below set of command in Oracle Standard Edition and Oracle Enterprise Edition.
In the SE i am getting the same error ORA-24247 but it's working fine in the EE .
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL>
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_oracle.xml','ACL for www.oracle.com', 'GENEVA_ADMIN', TRUE, 'resolve');
PL/SQL procedure successfully completed.
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('acl_for_oracle.xml','GENEVA_ADMIN', TRUE, 'resolve');
PL/SQL procedure successfully completed.
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('acl_for_oracle.xml','*');
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.
SQL> exit
Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
So to run the UTL_INADDR in the Oracle Standard Edition is there any other kind of permission is required ???And also on Oracle 10g, its not happening every time. Sometimes it gives error while sometimes it works. This is typically due to
a) environment settings that differ from session to session
b) or more often, data
The actual error means that Oracle expects a number and is unable to obtain a number from the input (data or SQL or bind variables) supplied. I agree with William that it looks a lot like an implicit TO_NUMBER() conversion failing.
Why not add a debug exception handler to the code? When that exception occurs, dump the PL/SQL call stack and values of all variables and parameters to a debug/logging table (using an autonomous transaction). -
APEX and ORA-24247: network access denied by access control list (ACL)
Hi,
I try to send email with APEX.
I have enter the parameters of my mail server and activate the email on my application.
I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
+"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
Do you see what is wrong in my configuration ?
I use APEX 4.1, Oracle 11g.
The script that I have apply is :
DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_040100
-- the "connect" privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--+
-- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--+
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
+'connect') IS NULL THEN+
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
+'APEX_040100', TRUE, 'connect');+
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
+'ACL that lets power users to connect to everywhere',+
+'APEX_040100', TRUE, 'connect');+
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
+/+
COMMIT;
Thanks for your help,Hi,
You need to grant privilege to the user.
i.e add principal
You can use script :
DECLARE
ACL_ID RAW(16);
CNT NUMBER;
BEGIN
-- Look for the object ID of the ACL currently assigned to ''*
SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
-- If just some users referenced in the ACL are invalid, remove just those
-- users in the ACL. Otherwise, drop the ACL completely.
SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
WHERE ACLID = ACL_ID AND
EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
IF (CNT > 0) THEN
FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
WHERE ACLID = ACL_ID AND
NOT EXISTS (SELECT NULL FROM ALL_USERS
WHERE USERNAME = PRINCIPAL)) LOOP
UPDATE XDB.XDB$ACL
SET OBJECT_VALUE =
DELETEXML(OBJECT_VALUE,
*'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
WHERE OBJECT_ID = ACL_ID;
END LOOP;
ELSE
DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
END IF;
END;
REM commit the changes.
COMMIT;
Or you need to add privilege to specific user/schema using following script:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
acl => 'aclfilename.xml',
principal => 'databaseuser',
is_grant => TRUE,
privilege => 'connect',
position => null);
COMMIT;
END;
Please execute this code after connect as sysdba user.
Thanks & Regards,
Jaydipsinh Raulji
Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com] -
Another ORA-24247: network access denied by access control list (ACL)
Hi
We have just upgraded from 10g to 11g (DB version is 11.2.0.1.0), and i've have nothing but problems with ACL.
I've tried:
Creation code (as dba-user):
begin
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(’netacl.xml’,
‘Allow usage to the UTL network packages’, ‘ACLTEST’, TRUE, ‘connect’);
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(’netacl.xml’ ,’ACLTEST’, TRUE, ‘resolve’);
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'*’);
commit;
end;
Execution code (as ACLTEST):
declare
l_conn UTL_TCP.connection;
v_file ftp.TStringTable;
l_list ftp.t_string_table;
begin
l_conn := ftp.Logind('DOMAIN', 21, 'USERNAME', 'PASSWORD');
ftp.logout(l_conn);
end;
Error stack
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at “SYS.UTL_TCP”, line 17
ORA-06512: at “SYS.UTL_TCP”, line 246
ORA-06512: at “COMMON.FTP”, line 784
ORA-06512: at line 7
i've tried to add the domain in the acl with full port range with no luck:
begin
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'DOMAIN’,1,65000);
commit;
end;Hi;
First what below query return
SELECT acl,
principal,
privilege,
is_grant,
to_char(start_date) ,
to_char(end_date)
FROM dba_network_acl_privileges;
Regard
Helios -
ORA-24247: network access denied by access control list (ACL) using FTP
What used to work on our 10g server now doesn't work on 11g. We recently migrated to a new server and this FTP download process is the only thing that is giving me problems.
I have tried using the IP Address and Domain name, opened up the ports 10 to 80 (just in case) and even tried FTPing to a local FTP site and cannot seem to get past the ORA-24247 error. At this point I am not sure what else to try. The FTP process worked great in 10g...
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.add_privilege (
acl => 'cwtoto_acl_file.xml',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'resolve',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '69.30.63.173',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.taglab.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '146.63.252.61',
lower_port => 10,
upper_port => 80
commit;
end;
Edited by: tfrawley on Jan 20, 2011 10:23 AMSo, I have contacted support to fix my inability to login to Oracle Support. In the meantime I'll just run through this problem one more time:
I executed the following:
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 1,
upper_port => 1000
commit;
end;
This should give me an ACL xml file and permission for CWT_OPERATOR to connect to ftp.rmpc.org on ports 1 through 1000.
I can look and see if the creation was successful: SELECT host, lower_port, upper_port, acl FROM dba_network_acls t ;
HOST LOWER_PORT UPPER_PORT ACL
1 ftp.rmpc.org 1 1000 /sys/acls/cwtoto_acl_file.xml
Looks good right?
So I test it using the following:
DECLARE
l_conn UTL_TCP.connection;
BEGIN
l_conn := ftp.login('ftp.rmpc.org','21','[email protected]','anonymous');
ftp.logout( l_conn);
END;
And get the following errors:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYSTEM.FTP", line 49
ORA-06512: at line 4
Has anyone else tried to use UTL_TCP and experienced a simliar issue? -
Unable to send emails. ORA-24247 error
Hi,
I have an email program that isn't working and I am getting this message:
ORA-24247: network access denied by access control list (ACL)
Any help? Thanks.http://blog.whitehorses.nl/2010/03/17/oracle-11g-access-control-list-and-ora-24247/
-
ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
Hi,
I am trying to send email in APEX but all the emails are in APEX mail queue with error status,
ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
I already configured smtp server in manage instance. Please suggest me why the error is happening.
Thanks & Regards,
SagarikaProbably you need to add the SMTP server address to the ACL list. There are numerous resources showing how to do that. Google on "how to create acl in oracle" and you will get many links showing up. This one is explaining a how to quite good:
http://www.oracleflash.com/36/Oracle-11g-Access-Control-List-for-External-Network-Services.html
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.apress.com/9781430235125
http://apex.oracle.com/pls/apex/f?p=31517:1
http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
------------------------------------------------------------------- -
Enabling Network Services not working PLEASE HELP
Hello,
I created a virtual machine with the Oracle_Developer_Day.ova file downloaded from oracle page in order to test the application express tool.
I´m trying to ad a webservice reference but getting the error:
ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
I researched and find out that oracle 11g does not have network services enabled so you have to enable them with the following script:
DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_030200
-- the "connect" privilege if APEX_030200 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, ensure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
-- ORA-44416: Invalid ACL: Unresolved principal 'ADMIN'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'HR',
'connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'HR', TRUE, 'connect');
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'HR', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
COMMIT;
***Note: I have a workspace called HR and a user called HR.
I run the script and everything works fine but when I try to add the webservice reference I get the same error.
I don´t know what to do and my time to fixing this problem is ending so please if someone can help me I would really appreciate it.
THanks in advanceHi Luis,
You will find the script for the relevant releases in the respective installation guides of their releases.
Here is the script for Oracle APEX 4.1 and its sub-version releases:
DECLARE
ACL_PATH VARCHAR2(4000);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_040100
-- the "connect" privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
'connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'APEX_040100', TRUE, 'connect');
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'APEX_040100', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
COMMIT;
Refer : http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21673/otn_install.htm#BEHGBHDF
Here is the script for Oracle APEX 4.2 and its sub-version releases:
DECLARE
ACL_PATH VARCHAR2(4000);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_040200
-- the "connect" privilege if APEX_040200 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040200',
'connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'APEX_040200', TRUE, 'connect');
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'APEX_040200', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
COMMIT;Refer: http://docs.oracle.com/cd/E37097_01/doc/install.42/e35123/otn_install.htm#BEHGBHDF
Hope it Helps!
Regards,
Kiran -
Problem creating Network ACL for a ROLE in Oracle 11gR2
According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role. I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email. If I grant the ACL privilege to the same users directly it works fine. Is there any step I'm missing? This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
SQL> CONNECT system/******@testdb
Connected.
SQL> SET LINES 1000
SQL> SELECT * FROM v$version;
BANNER
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE 11.2.0.3.0 Production
TNS for Solaris: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
SQL> COLUMN host FORMAT A20
SQL> COLUMN lower_port FORMAT 99999
SQL> COLUMN upper_port FORMAT 99999
SQL> COLUMN acl FORMAT A40
SQL> COLUMN acl FORMAT A40
SQL> COLUMN principal FORMAT A15
SQL> COLUMN privilege FORMAT A10
SQL> COLUMN is_grant FORMAT A8
SQL> COLUMN status FORMAT A10
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
no rows selected
SQL> CREATE USER testacl IDENTIFIED BY testacl;
User created.
SQL> GRANT CONNECT TO testacl;
Grant succeeded.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL connect true
After creating this ACL I test it like this:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
HOST LOWER_PORT UPPER_PORT PRIVILEGE STATUS
localhost 25 25 connect GRANTED
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
PL/SQL procedure successfully completed.
SQL>
This works fine and I receive the email correctly. Now if I try to do the same thing for a role:
SQL> CONNECT system/******@testdb
Connected.
SQL> BEGIN
2 dbms_network_acl_admin.drop_acl('test_smtp.xml');
3 commit;
4 END;
5 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> CREATE ROLE testacl_role;
Role created.
SQL> GRANT testacl_role TO testacl;
Grant succeeded.
SQL> ALTER USER testacl DEFAULT ROLE ALL;
User altered.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL_ROLE connect true
SQL>
And now I test it again with the same user:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL>
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
no rows selected
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
DECLARE
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 4
SQL>
I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user. I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user. The problem appears when I try to create an ACL with privileges for a ROLE. You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
Parameter
Description
acl
Name of the ACL. Relative path will be relative to "/sys/acls".
description
Description attribute in the ACL
principal
Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
My issue is that when I try to create the ACL for a role it doesn't work.
Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing. Cheers. -
Problems setting up ACL in 11g
Hello,
we recently updated from 10g to 11g. In our db we have a job, which calls a procedure, which checks if all mails from our application have been sent probably, if not it sends out a mail via a different mail server to admins, so they can check what the issue was.
This worked fine in 10g. In 11g I've learned I need to set up the ACL to be able to connect to the mail Server. This is what I've done:
Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
begin
if dbms_db_version.ver_le_10_2 then
null;
else
begin
dbms_network_acl_admin.drop_acl(
acl => 'apex-network.xml'
exception
when others then null;
end;
dbms_network_acl_admin.create_acl(
acl => 'apex-network.xml',
description => 'Network-Connects for system check',
principal => 'SYS',
is_grant => true,
privilege => 'connect'
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'apex-network.xml',
principal => 'SYS',
is_grant => true,
privilege => 'resolve'
dbms_network_acl_admin.assign_acl(
acl => 'apex-lcmcc-network.xml',
host => '123.456.78.99'
end if;
end;
show error
commit;
The statement completed successfully. And i checked if the access is granted with the following statement:
SELECT
FROM
user_network_acl_privileges,
TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('123.456.78.99'))
ORDER BY
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(column_value) desc,
lower_port,
upper_port;
I see now for the configured host and all subdomains user sys has the privillege resolve and connect granted.
When i run the procedure, which should sent the mails i still get the error ORA-24247: network access denied by access control list (ACL).
Here is the relevant code from the procedure:
BEGIN
c := UTL_SMTP.OPEN_CONNECTION('123.456.78.99');
UTL_SMTP.HELO(c, 'xxx.de');
UTL_SMTP.MAIL(c, '[email protected]');
UTL_SMTP.RCPT(c, p_rcpt);
UTL_SMTP.OPEN_DATA(c);
send_header('From', p_from);
send_header('To', p_rcpt);
send_header('Subject', p_subject);
UTL_SMTP.WRITE_DATA(c, UTL_TCP.CRLF||p_message );
UTL_SMTP.CLOSE_DATA(c);
UTL_SMTP.QUIT(c);
EXCEPTION
WHEN utl_smtp.transient_error OR utl_smtp.permanent_error THEN
BEGIN
UTL_SMTP.QUIT(c);
EXCEPTION
WHEN UTL_SMTP.TRANSIENT_ERROR OR UTL_SMTP.PERMANENT_ERROR THEN
NULL; -- When the SMTP server is down or unavailable, we don't have
-- a connection to the server. The QUIT call will raise an
-- exception that we can ignore.
END;
raise_application_error(-20000,
'Failed to send mail due to the following error: ' || sqlerrm);
END;
Please forgive me if i miss out important information you need to assist me in this endavor, i will try to deliver them shortly.
Any sugesstions are much apreciated.
Thanks in advance.>Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
SYS schema is reserved for Oracle maintenance & upgrades.
You should NEVER make or modify objects within the SYS schema. -
Hyperlinks in 11g (11.1.1.7)
I'm reposting a post from 2 years ago because, as far as I can tell, there is no solution. I'd like to know if anyone has successfully implemented hyperlinks in BIP 11g.
Can anyone share the method of calling a BIP 11g report from a hyperlink in an RTF file, and passing a parameter into that target report?
I have a BIP report that includes the REGION field, which I want to define as a hyperlink. I want to click on one of the values of REGION, and have it open a second BIP report, passing the clicked value into the RGN parameter in that second report.
The method in 10g was reasonably simple. We could assign the basic URL to a variable, then pass in an argument, like this:
Defining the variable: <?variable:Drill_Rgn;string('http://localhost:9704/path_to_BIP_report')?>
Hyperlink to call the report, passing the REGION field into the RGN parameter: {$Drill_Rgn}?RGN={REGION}
In 11g, the URL is significantly different, and has been made MUCH more complex. Instead of the parameter being passed in using the standard '=' method as it was in 10g, the 11g URL has the parameter imbedded inside the URL, as follows:
http://localhost:9704/analytics/saw.dll?bipublisherEntry&Action=open&itemType=.xdo&bipPath=%2F~retro901%2F_filters%2FRetrospectives%2FSubRegion_Sales.xdo&bipParams={"_xmode":"2","_xpf":"","_xpt":"0","_xdo":"%2F~retro901%2F_filters%2FRetrospectives%2FSubRegion_Sales.xdo","*_paramsRGN":"Central"*,"_xt":"Basic1","_xf":"html","_xautorun":"true"}
Notice the inclusion (bolded) of _paramsRGN"."Central"*, where Central is a value of my REGION field in the XML. The value is in double-quotes, and is imbedded within the URL. This is the exact code copied from the Share Report Link option on the BIP viewer screen when Central is the value of the RGN parameter.
Based on ideas from the documentation, I have tried replacing "Central" with: {REGION}, {$REGION}, REGION, %REGION, "{REGION}", "{$REGION}", "REGION", and "%REGION". No luck. The URL does not get formed properly (i.e. the field value is not substituted into the URL). I've also tried the old (10g) syntax. Nothing I've tried will replace the default value of RGN as specified in the data model.
What is the correct method, in 11g, for calling a BI Publisher report from a hyperlink in an RTF file, and passing a field value into a parameter?Hi all,
does anyone know whether there is any system component pre-requisite, apart from installing xdk, in order for acl to work?
I have this question because after trying different methods we finally made utl_smtp worked on a testing server two days ago (without exactly know what made it work). Then, we tried to redo the whole process (i.e. create brand new database, import data, create acl, run the email function). Out of luck, we fell back to ORA-24247: network access denied by access control list (ACL) problem again. we compared the two databases but found no clue why one working another failed.
By checking the result of the two databases for the following
select host, lower_port, upper_port, acl
from dba_network_acls;
select principal, privilege, is_grant, acl
from dba_network_acl_privileges;
acl on both are the same
Is there any thing we missed out? any hidden pre-requisite?
This is urgent. Could somebody help? please
Some more update:
the database (say X) where acl works has "SYSTEM" as one of the owners of 'UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR' but in database (say Y) where acl doesn't work "SYSTEM" is not part of owner of 'UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR'
in X, acl is granted to a role, email invoker with such role can send email successfully;
in Y, both acl on user and acl on role do not work at all.
Edited by: bsmt on May 5, 2010 7:46 PM
Maybe you are looking for
-
Dear all, i am creating STO order from recevieng plant, with the help of same STO in VL10B i am creating replishment delivery, but it will create more than 4 to 5 replishment delivery.(Only the stock of materials in issuing plant is not available.) W
-
Firefox shortcut will not open firefox, only beeps.
Beep is the same as critical stop, no dialog box shows. Shortcut points to firefox.exe, which will not open.
-
I restored my mac back to the factory settings but now my iPhoto application is gone. Help!!! My mac did not come with a disk.
-
Hi, Is it possible to deploy GenericServlets that would listen on TCP/IP socket messages (without the Http GET line)? I need to write a servlet which listens on Sockets. As am totally new to Sockets am little confused. Can anyone help me on this. As
-
Disadvantages of Using Business Area
Dear All We have to define Plant Level Financial Statements. We intend to use the Business Area for generating Plant Level Financial Statements. What are the disadvantages of using Business Area for generating plant wise Financial Statements Regards