Create an Access Control List (ACL)

Access control lists (ACLs) can be created, amended and deleted with the DBMS_NETWORK_ACL_ADMIN package. They control network access from the database, for instance for XML transfer.

The following code creates an ACL, grants the connect and resolve privileges to user SCOTT, and assigns the ACL to hosts 10.1.1.* on port 80.

BEGIN
  -- Create the ACL with its initial entry: connect granted to SCOTT.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => '/sys/acls/webservice.xml',
                                    description => 'WWW ACL',
                                    principal   => 'SCOTT',
                                    is_grant    => true,
                                    privilege   => 'connect');

  -- Grant connect to SCOTT (the CREATE_ACL call above already created this entry).
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => '/sys/acls/webservice.xml',
                                       principal => 'SCOTT',
                                       is_grant  => true,
                                       privilege => 'connect');

  -- Grant resolve to SCOTT.
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => '/sys/acls/webservice.xml',
                                       principal => 'SCOTT',
                                       is_grant  => true,
                                       privilege => 'resolve');

  -- Bind the ACL to the hosts and the port range it applies to.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl        => '/sys/acls/webservice.xml',
                                    host       => '10.1.1.*',
                                    lower_port => 80,
                                    upper_port => 80);

  COMMIT;
END;
/

You can also query the DBA_NETWORK_ACLS and DBA_NETWORK_ACL_PRIVILEGES data dictionary views to get information about ACLs.
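The queries below are an added example, not part of the original post, showing how those two views can be used to review what network access has been granted and to confirm the grant made above. They assume a session that can read the DBA_ views; the review_flags column name is chosen here for illustration.

```sql
-- Added example: list every host/port assignment together with the
-- principals granted on its ACL, and flag entries that deserve a
-- least-privilege review.
SELECT a.host,
       a.lower_port,
       a.upper_port,
       p.principal,
       p.privilege,
       TRIM(   CASE WHEN INSTR(a.host, '*') > 0 THEN 'WILDCARD_HOST ' END
            || CASE WHEN a.lower_port IS NULL   THEN 'ANY_PORT '      END
            || CASE WHEN p.principal = 'PUBLIC' THEN 'PUBLIC_GRANT'   END
           ) AS review_flags   -- column name is illustrative
FROM   dba_network_acls a
       JOIN dba_network_acl_privileges p
         ON p.acl = a.acl
WHERE  p.is_grant = 'true'     -- only entries that grant access
ORDER  BY a.host, a.lower_port, p.principal, p.privilege;

-- Confirm the effective privileges of SCOTT on the ACL created above.
-- CHECK_PRIVILEGE returns 1 (granted), 0 (denied) or NULL (no entry).
SELECT priv.name AS privilege,
       DECODE(DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(
                '/sys/acls/webservice.xml', 'SCOTT', priv.name),
              1, 'GRANTED',
              0, 'DENIED',
                 'NOT SET') AS status
FROM   (SELECT 'connect' AS name FROM dual
        UNION ALL
        SELECT 'resolve' FROM dual) priv;
```

With the ACL from this page in place, the first query reports the 10.1.1.* assignment with the WILDCARD_HOST flag, and the second reports both privileges as GRANTED for SCOTT.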

ACLs are dropped with the DROP_ACL procedure.

BEGIN
  -- Remove the ACL created above.
  DBMS_NETWORK_ACL_ADMIN.DROP_ACL(acl => '/sys/acls/webservice.xml');

  COMMIT;
END;
/