我有一个案例,用户应该访问本地网络中的特定网址
形式为192.168.19.*。
虽然他对EXECUTE UTL_HTTP和{acl list'中的权限有适当的授权,但他仍然无法访问列表中允许的网址。
具体来说,我已经将我的ACL创建为sys dba
BEGIN
dbms_network_acl_admin.create_acl(
acl => 'acl_name.xml',
description => 'ACL description',
principal => 'MYUSER',
is_grant => TRUE,
privilege => 'connect');
commit;
dbms_network_acl_admin.assign_acl (
acl => 'acl_name.xml',
host => '192.168.19.*',
lower_port => 1,
upper_port => 9999);
commit;
END;
/
以sys,
运行以下命令SELECT acl, principal, privilege, is_grant
FROM dba_network_acl_privileges;
我得到了
ACL PRINCIPAL PRIVILEGE IS_GRANT
----------------------- --------- --------------- --------
/sys/acls/acl_name.xml MYUSER connect true
作为MYUSER连接并运行以下查询,
SELECT host, lower_port, upper_port, privilege, status
FROM user_network_acl_privileges;
我得到了
HOST LOWER_PORT UPPER_PORT PRIVILEGE STATUS
------------------ ---------- ---------- --------- -------
192.168.19.* 1 9999 connect GRANTED
MYUSER EXECUTE在UTL_HTTP上被 select utl_http.request('http://192.168.19.202:7101/gdc') from dual;
授予,当尝试连接到所需的网址时:
[Error] Execution (1: 8): ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1720
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 1
得到:
resolve我试图删除并重新创建没有运气的列表,尝试分配 BANNER
-------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for IBM/AIX RISC System/6000: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
5 rows selected.
特权,但他仍然不能通过ACL。
我错过了阻止用户调用此网址的内容吗?
我的遗嘱信息是:
{{1}}