Fine-Grained Access to Network Services Enhancements in Oracle Database 12c Release 1

Oracle allows access to external network services using several PL/SQL APIs (UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP and UTL_INADDR), all of which are implemented using the TCP protocol. In previous versions of the database, access to external services was effectively an on/off switch based on whether a user was granted execute permissions on a specific package or not. Oracle 11g introduced fine-grained access to network services using access control lists (ACLs) in the XML DB repository, allowing control over which users access which network resources, regardless of package grants. Oracle provides the DBMS_NETWORK_ACL_ADMIN and DBMS_NETWORK_ACL_UTILITY packages to allow ACL management from PL/SQL.

Oracle Database 12c has deprecated many of the procedures and functions in the DBMS_NETWORK_ACL_ADMIN package, replacing them with new procedures and functions. We still have the concept of Access Control Lists (ACLs), but these are often created implicitly when adding an Access Control Entry (ACE), which is similar to adding privileges using the previous API. The biggest change is that an Access Control Entry can be limited to specific PL/SQL APIs (UTL_TCP, UTL_INADDR, UTL_HTTP, UTL_SMTP, and UTL_MAIL). In the previous incarnation, once a port was opened for a user, it was accessible to all APIs. This gives a greater level of control.

Although deprecated, the old functionality is retained for backwards compatibility, but it should be avoided as it is inferior to the new functionality.

Setup

In a multitenant environment, Access Control Entries (ACEs) can be created at the CDB or PDB level. For the examples in this article, all the host ACLs and host ACEs will be created at the PDB level. The following code creates two test users in a PDB.

```sql
-- Connect to the PDB as a privileged user and create two test users.
CONN sys@pdb1 AS SYSDBA

CREATE USER test1 IDENTIFIED BY test1;
GRANT CONNECT TO test1;

CREATE USER test2 IDENTIFIED BY test2;
GRANT CONNECT TO test2;
```

Append an Access Control Entry (ACE)

You will never create a host ACL directly. Instead, host ACLs are implicitly created when you append a host Access Control Entry (ACE) using the DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE procedure. If you append a new ACE to a host that has no existing host ACL, a new host ACL is implicitly created. If the host already has an ACL, the new host ACE will be appended to the existing host ACL.
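The implicit ACL creation and per-API restriction described above, as an added example that is not part of the original article. The host names `www.example.com` and `mail.example.com` are constructed placeholders, and the privilege split between the two test users is an assumption chosen to illustrate least privilege.

```sql
-- Added example: hosts below are constructed placeholders.
CONN sys@pdb1 AS SYSDBA

BEGIN
  -- No host ACL exists yet for www.example.com:80, so appending this
  -- first ACE implicitly creates one. TEST1 gets the 'http' privilege
  -- only, so the open port is usable through UTL_HTTP but not UTL_TCP.
  DBMS_NETWORK_ACL_ADMIN.append_host_ace(
    host       => 'www.example.com',
    lower_port => 80,
    upper_port => 80,
    ace        => xs$ace_type(privilege_list => xs$name_list('http'),
                              principal_name => 'TEST1',
                              principal_type => xs_acl.ptype_db));

  -- Same host and port range: this ACE is appended to the ACL that
  -- the first call created, rather than creating a second ACL.
  DBMS_NETWORK_ACL_ADMIN.append_host_ace(
    host       => 'www.example.com',
    lower_port => 80,
    upper_port => 80,
    ace        => xs$ace_type(privilege_list => xs$name_list('http'),
                              principal_name => 'TEST2',
                              principal_type => xs_acl.ptype_db));

  -- Different host: a separate host ACL is implicitly created.
  -- 'smtp' limits TEST2 to UTL_SMTP and UTL_MAIL on port 25.
  DBMS_NETWORK_ACL_ADMIN.append_host_ace(
    host       => 'mail.example.com',
    lower_port => 25,
    upper_port => 25,
    ace        => xs$ace_type(privilege_list => xs$name_list('smtp'),
                              principal_name => 'TEST2',
                              principal_type => xs_acl.ptype_db));
END;
/

-- One implicitly created ACL per host/port range.
SELECT host, lower_port, upper_port, acl
FROM   dba_host_acls
ORDER  BY host, lower_port;

-- Review which principal holds which privilege on each host.
SELECT host, lower_port, upper_port, ace_order, principal, privilege
FROM   dba_host_aces
ORDER  BY host, lower_port, ace_order;
```

The second query is the one to run when auditing network access: any row with the `connect` privilege grants that principal access from every network API rather than a single one.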