Hints and tricks for Oracle and other stuff...

Hints, tricks, tip for programming in PL/SQL, Java, Elastic, ....

Tuesday, September 14, 2021

Setting ACL and reading ACL settings

Executing with ADMIN user

Create ACL and add pages to list:

begin

dbms_network_acl_admin.create_acl (

acl => 'URL_RASD_PERMISSIONS.xml', 

description => 'URL_RASD_PERMISSIONS',

principal => 'RASD',

is_grant => TRUE,

privilege => 'connect',

start_date => null,

end_date => null

);

dbms_output.put_line('acl URL_RASD_PERMISSIONS created');

commit;

end;

/

begin

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'URL_RASD_PERMISSIONS.xml',

principal => 'RASD',

is_grant => true,

privilege => 'connect');

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'URL_RASD_PERMISSIONS.xml',

principal => 'RASD',

is_grant => true,

privilege => 'resolve');

dbms_output.put_line('Added privileges connect, resolve to acl URL_RASD_PERMISSIONS.');

commit;

end;

/

begin  

dbms_network_acl_admin.assign_acl (

acl => 'URL_RASD_PERMISSIONS.xml',

host => 'sourceforge.net',  

lower_port => 443,

upper_port => 443

);

dbms_output.put_line('Open acces to sourceforge.net on port 443 to acl URL_RASD_PERMISSIONS.');

COMMIT;

end;

/

begin  

dbms_network_acl_admin.assign_acl (

acl => 'URL_RASD_PERMISSIONS.xml',

host => 'api.github.com',  

lower_port => 443,

upper_port => 443

);

dbms_output.put_line('Open acces to api.github.com on port 443 to acl URL_RASD_PERMISSIONS.');

COMMIT;

end;

/

Show ACL settings:

begin  

dbms_output.put_line('Registrated ACL premisons for RASD:');

for r in (

SELECT PRINCIPAL, HOST, lower_port, upper_port, acl, 'connect' AS PRIVILEGE 

--    DECODE(DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, PRINCIPAL, 'connect'), 1,'GRANTED', 0,'DENIED', NULL) PRIVILEGE_STATUS

FROM DBA_NETWORK_ACLS

    JOIN DBA_NETWORK_ACL_PRIVILEGES USING (ACL, ACLID) 

WHERE ACL like '%RASD%'    

UNION ALL

SELECT PRINCIPAL, HOST, NULL lower_port, NULL upper_port, acl, 'resolve' AS PRIVILEGE 

--    DECODE(DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, PRINCIPAL, 'resolve'), 1,'GRANTED', 0,'DENIED', NULL) PRIVILEGE_STATUS

FROM DBA_NETWORK_ACLS

    JOIN DBA_NETWORK_ACL_PRIVILEGES USING (ACL, ACLID)

WHERE ACL like '%RASD%'   

order by acl, principal

) loop

dbms_output.put_line(lpad(r.PRINCIPAL,20,' ')||' '||lpad(r.host,20,' ')||' '||lpad(nvl(r.lower_port,'0'),5,' ')||' '||lpad(nvl(r.upper_port,'0'),5,' ')||' '||lpad(r.acl,50,' ')||' '|| r.privilege);

end loop;

COMMIT;

end;

/

spool off

# posted by Domen Dolar @ 10:14 PM

Domen Dolar

Links

• Rapid Application Service Development

---

• Hints for Ibm

Source

• Lib
• SOAP
• Random
• Check URL status
• BMP

Previous Posts

• Read internet pages with utl_http in oracle autono...
• Parse JSON in SQL - gitlab sample
• Batch script - create new files from template file
• Phyton - parse XML from string or file with namesp...
• Connect your Oracle database with GitLab
• ORA-31186: Document contains too many nodes
• Count number of X strings in text - using length a...
• Inserting custom logs types to Logstash (ELK) usin...
• Decode X509 Certificate in PL/SQL - Oracle
• Sending oracle logs - plsql to elasticsearch - elk

Archives

• November 2006
• December 2006
• January 2007
• March 2007
• July 2018
• January 2020
• March 2020
• October 2020
• May 2021
• September 2021
• November 2022
• December 2022