How To Install Dbms_Network_Acl_Admin Package

Posted : admin On 3/19/2019

The DBMS_NETWORK_ACL_ADMIN package provides the interface to administer the network Access Control List (ACL).

  1. 101 DBMS_NETWORK_ACL_ADMIN. The EXECUTE privilege on the DBMS_NETWORK_ACL_ADMIN package is granted to the DBA role and to the EXECUTE_CATALOG_ROLE by default.
  2. How to Manually Install XML DB on 11gR2. When the creation of an ACL is attempted using DBMS_NETWORK_ACL_ADMIN.CREATE_ACL then this will error with the following.

Anybody here knows how to install a PLSQL package in Oracle 11g? I am trying to use these two packages: DBMS_NETWORK_ACL_ADMIN DBMS_NETWORK_ACL_UTILITY I am using Oracle Application Express and.

See Also:

For more information, see 'Managing Fine-grained Access to External Network Services' in Oracle Database Security Guide

The chapter contains the following topics:

    • Examples

Using DBMS_NETWORK_ACL_ADMIN

Examples

Example 1

Grant the connect and resolve privileges for host www.us.oracle.com to SCOTT.

Example 2

Grant the resolve privilege for www.us.oracle.com to ADAMS. Since an ACL for www.us.oracle.com exists already, just add the privilege for ADAMS.

Example 3

Assign the ACL www.xml to www-proxy.us.oracle.com so that SCOTT and ADAMS can access www-proxy.us.oracle.com also.

Example 4

Unassign the ACL from www.us.oracle.com so that no access to www.us.oracle.com is allowed.
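Examples 1 through 4 written out as PL/SQL calls. This is an added illustration, not the page's own listing; the description string 'WWW ACL' is a constructed value, and www.xml is the ACL name that Example 3 refers to.

```sql
-- Example 1: create the ACL with an initial 'connect' grant for SCOTT,
-- add 'resolve' to the same ACL, then assign the ACL to the host.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'www.xml',
    description => 'WWW ACL',            -- constructed description
    principal   => 'SCOTT',              -- case sensitive
    is_grant    => TRUE,
    privilege   => 'connect');

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'www.xml',
    principal => 'SCOTT',
    is_grant  => TRUE,
    privilege => 'resolve');

  -- Assigned without a port range, so the 'resolve' privilege takes effect.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl  => 'www.xml',
    host => 'www.us.oracle.com');
END;
/

-- Example 2: the ACL already exists, so only add the privilege for ADAMS.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'www.xml',
    principal => 'ADAMS',
    is_grant  => TRUE,
    privilege => 'resolve');
END;
/

-- Example 3: reuse the same ACL for the proxy host.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl  => 'www.xml',
    host => 'www-proxy.us.oracle.com');
END;
/

-- Check what SCOTT ended up with: 1 = granted, 0 = denied, NULL = neither.
SELECT DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('www.xml', 'SCOTT', 'connect'),
         1, 'GRANTED', 0, 'DENIED', 'NOT SET') AS scott_connect
  FROM dual;

-- Example 4: remove the assignment; acl is left NULL, so whichever ACL is
-- assigned to the host is unassigned. The ACL itself is not dropped.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host => 'www.us.oracle.com');
END;
/

-- ACL changes are transactional; commit to make them permanent.
COMMIT;
```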

Example 5

The DOMAINS Function in the DBMS_NETWORK_ACL_UTILITY package returns all the domains a host belongs to. It can be used in conjunction with the CHECK_PRIVILEGE_ACLID Function in this package to determine the privilege assignments affecting a user's permission to access a network host. The DOMAIN_LEVEL Function in the DBMS_NETWORK_ACL_UTILITY package returns the level of each domain and can be used to order the ACL assignments by their precedence.

For example, for SCOTT's permission to connect to www.us.oracle.com:

Example 6

For example, for SCOTT's permission to do domain name resolution for www.us.oracle.com:

Note that the 'resolve' privilege takes effect only in ACLs assigned without any port range (when lower_port and upper_port are NULL). For this reason, we do not include lower_port and upper_port columns in the query.

Summary of DBMS_NETWORK_ACL_ADMIN Subprograms

Table 80-1 DBMS_NETWORK_ACL_ADMIN Package Subprograms

Subprogram        Description

Adds a privilege to grant or deny the network access to the user in an access control list (ACL)

Assigns an access control list (ACL) to a network host, and optionally specific to a TCP port range

Checks if a privilege is granted to or denied from the user in an access control list (ACL)

Checks if a privilege is granted to or denied from the user in an ACL by specifying the object ID of the access control list

Creates an access control list (ACL) with an initial privilege setting

Deletes a privilege in an access control list (ACL)

Drops an access control list (ACL)

Unassigns the access control list (ACL) currently assigned to a network host.


ADD_PRIVILEGE Procedure

This procedure adds a privilege to grant or deny the network access to the user. The access control entry (ACE) will be created if it does not exist.

Syntax

Parameters

Table 80-2 ADD_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
principal         Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
is_grant          Privilege is granted or not (denied)
privilege         Network privilege to be granted or denied - 'connect | resolve' (case sensitive). A database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To resolve a host name that was given a host IP address, or the IP address that was given a host name, with the UTL_INADDR package, grant the database user the resolve privilege.
position          Position (1-based) of the ACE. If a non-NULL value is given, the privilege will be added in a new ACE at the given position and there should not be another ACE for the principal with the same is_grant (grant or deny). If a NULL value is given, the privilege will be added to the ACE matching the principal and the is_grant if one exists, or to the end of the ACL if the matching ACE does not exist.
start_date        Start date of the access control entry (ACE). When specified, the ACE will be valid only on and after the specified date. The start_date will be ignored if the privilege is added to an existing ACE.
end_date          End date of the access control entry (ACE). When specified, the ACE will expire after the specified date. The end_date must be greater than or equal to the start_date. The end_date will be ignored if the privilege is added to an existing ACE.


Usage Notes

To remove the permission, use the DELETE_PRIVILEGE Procedure.

Examples

ASSIGN_ACL Procedure

This procedure assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, the TCP port range.

Syntax

Parameters

Table 80-3 ASSIGN_ACL Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
host              Host to which the ACL will be assigned. The host can be the name or the IP address of the host. A wildcard can be used to specify a domain or an IP subnet. The host or domain name is case-insensitive.
lower_port        Lower bound of a TCP port range if not NULL
upper_port        Upper bound of a TCP port range. If NULL, lower_port is assumed.


Usage Notes

  • Only one ACL can be assigned to any host computer, domain, or IP subnet, and if specified, the TCP port range. When you assign a new access control list to a network target, Oracle Database unassigns the previous access control list that was assigned to the same target. However, Oracle Database does not drop the access control list. You can drop the access control list by using the DROP_ACL Procedure. To remove an access control list assignment, use the UNASSIGN_ACL Procedure.

  • The ACL assigned to a domain takes a lower precedence than the other ACLs assigned to sub-domains, which take a lower precedence than the ACLs assigned to the individual hosts. So for a given host, say 'www.us.oracle.com', the following domains are listed in decreasing precedence:

    - www.us.oracle.com

    - *.us.oracle.com

    - *.oracle.com

    - *.com

    - *

    In the same way, the ACL assigned to a subnet takes a lower precedence than the other ACLs assigned to smaller subnets, which take a lower precedence than the ACLs assigned to the individual IP addresses. So for a given IP address, say '192.168.0.100', the following subnets are listed in decreasing precedence:

    - 192.168.0.100

    - 192.168.0.*

    - 192.168.*

    - 192.*

    - *

  • The port range is applicable only to the 'connect' privilege assignments in the ACL. The 'resolve' privilege assignments in an ACL have effects only when the ACL is assigned to a host without a port range.

    For the 'connect' privilege assignments, an ACL assigned to the host without a port range takes a lower precedence than other ACLs assigned to the same host with a port range.

  • When specifying a TCP port range, both lower_port and upper_port must not be NULL and upper_port must be greater than or equal to lower_port. The port range must not overlap with any other port ranges for the same host assigned already.

  • To remove the assignment, use the UNASSIGN_ACL Procedure.

Examples

CHECK_PRIVILEGE Function

This function checks if a privilege is granted to or denied from the user in an ACL.

Syntax

Parameters

Table 80-4 CHECK_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
user              User to check against. If the user is NULL, the invoker is assumed. The username is case-sensitive as in the USERNAME column of the ALL_USERS view.
privilege         Network privilege to check


Return Values

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted nor denied.

Examples

CHECK_PRIVILEGE_ACLID Function

This function checks if a privilege is granted to or denied from the user in an ACL by specifying the object ID of the access control list.

Syntax

Parameters

Table 80-5 CHECK_PRIVILEGE_ACLID Function Parameters

Parameter         Description
aclid             Object ID of the ACL
user              User to check against. If the user is NULL, the invoker is assumed. The username is case-sensitive as in the USERNAME column of the ALL_USERS view.
privilege         Network privilege to check


Return Values

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted nor denied.

CREATE_ACL Procedure

This procedure creates an access control list (ACL) with an initial privilege setting. An ACL must have at least one privilege setting. The ACL has no access control effect unless it is assigned to a network target.

Syntax

Parameters

Table 80-6 CREATE_ACL Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
description       Description attribute in the ACL
principal         Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
is_grant          Privilege is granted or not (denied)
privilege         Network privilege to be granted or denied - 'connect | resolve' (case sensitive). A database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To resolve a host name that was given a host IP address, or the IP address that was given a host name, with the UTL_INADDR package, grant the database user the resolve privilege.
start_date        Start date of the access control entry (ACE). When specified, the ACE will be valid only on and after the specified date.
end_date          End date of the access control entry (ACE). When specified, the ACE will expire after the specified date. The end_date must be greater than or equal to the start_date.


Usage Notes

To drop the access control list, use the DROP_ACL Procedure.

Examples

DELETE_PRIVILEGE Procedure

This procedure deletes a privilege in an access control list.

Syntax

Parameters

Table 80-7 DELETE_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
principal         Principal (database user or role) for whom all the ACEs will be deleted
is_grant          Privilege is granted or not (denied). If a NULL value is given, the deletion is applicable to both granted or denied privileges.
privilege         Network privilege to be deleted. If a NULL value is given, the deletion is applicable to all privileges.


Examples

DROP_ACL Procedure

This procedure drops an access control list (ACL).

Syntax

Parameters

Table 80-8 DROP_ACL Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.


Examples

UNASSIGN_ACL Procedure

This procedure unassigns the access control list (ACL) currently assigned to a network host.

Syntax

Parameters

Table 80-9 UNASSIGN_ACL Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'. If acl is NULL, any ACL assigned to the host will be unassigned.
host              Host from which the ACL will be removed. The host can be the name or the IP address of the host. A wildcard can be used to specify a domain or an IP subnet. The host or domain name is case-insensitive. If host is NULL, the ACL will be unassigned from any host. If both host and acl are NULL, all ACL assignments will be deleted.
lower_port        Lower bound of a TCP port range if not NULL
upper_port        Upper bound of a TCP port range. If NULL, lower_port is assumed.


Examples

The DBMS_NETWORK_ACL_ADMIN package provides the interface to administer the network Access Control List (ACL).

See Also:

For more information, see 'Managing Fine-grained Access to External Network Services' in Oracle Database Security Guide

The chapter contains the following topics:

    • Overview

    • Deprecated Subprograms

    • Security Model

    • Constants

    • Exceptions

    • Examples

Using DBMS_NETWORK_ACL_ADMIN

Overview

The DBMS_NETWORK_ACL_ADMIN package provides the interface to administer the network access control lists (ACL). ACLs are used to control access by users to external network services and resources from the database through PL/SQL network utility packages including UTL_TCP, UTL_HTTP, UTL_SMTP and UTL_INADDR.

Deprecated Subprograms

Oracle recommends that you do not use deprecated subprograms in new applications. Support for deprecated features is for backward compatibility only.

The following subprograms are deprecated with release Oracle Database 12c:

Security Model

The EXECUTE privilege on the DBMS_NETWORK_ACL_ADMIN package is granted to the DBA role and to the EXECUTE_CATALOG_ROLE by default.

Constants

The DBMS_NETWORK_ACL_ADMIN package uses the constants shown in Table 101-1, 'DBMS_NETWORK_ACL_ADMIN Constants'.

Table 101-1 DBMS_NETWORK_ACL_ADMIN Constants

Constant          Type            Value                                Description
IP_ADDR_MASK      VARCHAR2(80)    '([[:digit:]]+.){3}[[:digit:]]+'     IP address mask: xxx.xxx.xxx.xxx
IP_SUBNET_MASK    VARCHAR2(80)    '([[:digit:]]+.){0,3}*'              IP subnet mask: xxx.xxx..*
HOSTNAME_MASK     VARCHAR2(80)    '[^.:/*]+(.[^.:/*]+)*'               Hostname mask: ???.???.???..???
DOMAIN_MASK       VARCHAR2(80)    '*(.[^.:/*]+)*'                      Domain mask: *.???.???..???


Exceptions

The following table lists the exceptions raised by the DBMS_NETWORK_ACL_ADMIN package.

Table 101-2 DBMS_NETWORK_ACL_ADMIN Exceptions

Exception                Error Code    Description
ACE_ALREADY_EXISTS       24243         ACE already exists
EMPTY_ACL                24246         Empty ACL
ACL_NOT_FOUND            46114         ACL not found
ACL_ALREADY_EXISTS       46212         ACL already exists
INVALID_ACL_PATH         46059         Invalid ACL path
INVALID_HOST             24244         Invalid host
INVALID_PRIVILEGE        24245         Invalid privilege
INVALID_WALLET_PATH      29248         Invalid wallet path
BAD_ARGUMENT             29261         Bad argument
UNRESOLVED_PRINCIPAL     46238         Unresolved principal
PRIVILEGE_NOT_GRANTED    01927         Privilege not granted


Examples

Example 1

Grant the connect and resolve privileges for host www.us.example.com to SCOTT.

Example 2

Revoke the resolve privilege for host www.us.example.com from SCOTT.

Example 3

Grant the use_client_certificates and use_passwords privileges for wallet file:/example/wallets/hr_wallet to SCOTT.

Example 4

Revoke the use_passwords privilege for wallet file:/example/wallets/hr_wallet from SCOTT.
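Examples 1 through 4 written out with the ACE-based procedures. This is an added illustration, not the page's own listing; it assumes the XS$ACE_TYPE constructor, the XS$NAME_LIST collection and the XS_ACL.PTYPE_DB constant from Real Application Security, of which this page names only XS$ACE_TYPE.

```sql
-- Example 1: grant connect and resolve on the host to SCOTT.
-- No port range is given, which is required for an ACE carrying 'resolve'.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => 'www.us.example.com',
    ace  => xs$ace_type(
              privilege_list => xs$name_list('connect', 'resolve'),
              principal_name => 'SCOTT',
              principal_type => xs_acl.ptype_db));
END;
/

-- Example 2: revoke only 'resolve'; 'connect' stays in SCOTT's ACE.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE(
    host => 'www.us.example.com',
    ace  => xs$ace_type(
              privilege_list => xs$name_list('resolve'),
              principal_name => 'SCOTT',
              principal_type => xs_acl.ptype_db));
END;
/

-- Example 3: let SCOTT use the certificates and passwords stored in the wallet.
-- The wallet path is case-sensitive and uses the file:directory-path format.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_WALLET_ACE(
    wallet_path => 'file:/example/wallets/hr_wallet',
    ace         => xs$ace_type(
                     privilege_list => xs$name_list('use_client_certificates',
                                                    'use_passwords'),
                     principal_name => 'SCOTT',
                     principal_type => xs_acl.ptype_db));
END;
/

-- Example 4: revoke 'use_passwords'; 'use_client_certificates' remains.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.REMOVE_WALLET_ACE(
    wallet_path => 'file:/example/wallets/hr_wallet',
    ace         => xs$ace_type(
                     privilege_list => xs$name_list('use_passwords'),
                     principal_name => 'SCOTT',
                     principal_type => xs_acl.ptype_db));
END;
/
```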

Example 5

The CONTAINS_HOST function in the DBMS_NETWORK_ACL_UTILITY package determines if a host is contained in a domain. It can be used in conjunction with the DBA_HOST_ACE view to determine the users and their privilege assignments to access a network host. For example, for access to www.us.example.com:

Example 6

For example, for HQ_DBA's own permission to access www.us.example.com:
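One way to write the lookups described in Examples 5 and 6, as an added example rather than the page's own listing. It assumes the dictionary views DBA_HOST_ACES and USER_HOST_ACES and their column names, which are not spelled out on this page.

```sql
-- Example 5: every ACE that applies to www.us.example.com, for all principals.
-- CONTAINS_HOST returns NULL when the ACL's host/domain does not cover the
-- host, and otherwise a number that grows with how specific the match is.
SELECT host, lower_port, upper_port, ace_order,
       principal, principal_type, grant_type, inverted_principal,
       privilege, start_date, end_date
  FROM (SELECT aces.*,
               DBMS_NETWORK_ACL_UTILITY.CONTAINS_HOST(
                 'www.us.example.com', host) AS precedence
          FROM dba_host_aces aces)
 WHERE precedence IS NOT NULL
 ORDER BY precedence DESC,
          lower_port NULLS LAST,
          upper_port NULLS LAST,
          ace_order;

-- Example 6: run as HQ_DBA to see only that user's own effective entries.
SELECT host, lower_port, upper_port, privilege, status
  FROM (SELECT aces.*,
               DBMS_NETWORK_ACL_UTILITY.CONTAINS_HOST(
                 'www.us.example.com', host) AS precedence
          FROM user_host_aces aces)
 WHERE precedence IS NOT NULL
 ORDER BY precedence DESC,
          lower_port NULLS LAST,
          upper_port NULLS LAST;
```

Rows are ordered the way the usage notes describe precedence: the exact host before its domains, and entries with a port range before those without one.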

Summary of DBMS_NETWORK_ACL_ADMIN Subprograms

Table 101-3 DBMS_NETWORK_ACL_ADMIN Package Subprograms

Subprogram        Description

[DEPRECATED] Adds a privilege to grant or deny the network access to the user in an access control list (ACL)

Appends an access control entry (ACE) to the access control list (ACL) of a network host.

Appends access control entries (ACE) of an access control list (ACL) to the ACL of a network host

Appends an access control entry (ACE) to the access control list (ACL) of a wallet

Appends access control entries (ACE) of an access control list (ACL) to the ACL of a wallet

[DEPRECATED] Assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, the TCP port range.

[DEPRECATED] Assigns an access control list (ACL) to a wallet

[DEPRECATED] Checks if a privilege is granted or denied the user in an access control list (ACL)

[DEPRECATED] Checks if a privilege is granted to or denied from the user in an ACL by specifying the object ID of the access control list

[DEPRECATED] Creates an access control list (ACL) with an initial privilege setting

[DEPRECATED] Deletes a privilege in an access control list (ACL)

[DEPRECATED] Drops an access control list (ACL)

Removes privileges from access control entries (ACE) in the access control list (ACL) of a network host matching the given ACE

Removes privileges from access control entries (ACE) in the access control list (ACL) of a wallet matching the given ACE

Sets the access control list (ACL) of a network host which controls access to the host from the database

Sets the access control list (ACL) of a wallet which controls access to the wallet from the database

[DEPRECATED] Unassigns the access control list (ACL) currently assigned to a network host

[DEPRECATED] Unassigns the access control list (ACL) currently assigned to a wallet


ADD_PRIVILEGE Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.

This procedure adds a privilege to grant or deny the network access to the user. The access control entry (ACE) is created if it does not exist.

Parameters

Table 101-4 ADD_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'
principal         Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
is_grant          Privilege is granted or denied.
privilege         Network privilege to be granted or denied
position          Position (1-based) of the ACE. If a non-NULL value is given, the privilege will be added in a new ACE at the given position and there should not be another ACE for the principal with the same is_grant (grant or deny). If a NULL value is given, the privilege will be added to the ACE matching the principal and the is_grant if one exists, or to the end of the ACL if the matching ACE does not exist.
start_date        Start date of the access control entry (ACE). When specified, the ACE will be valid only on and after the specified date. The start_date will be ignored if the privilege is added to an existing ACE.
end_date          End date of the access control entry (ACE). When specified, the ACE expires after the specified date. The end_date must be greater than or equal to the start_date. The end_date will be ignored if the privilege is added to an existing ACE.


Usage Notes

To remove the permission, use the DELETE_PRIVILEGE Procedure.

APPEND_HOST_ACE Procedure

This procedure appends an access control entry (ACE) to the access control list (ACL) of a network host. The ACL controls access to the given host from the database and the ACE specifies the privileges granted to or denied from the specified principal.

Parameters

Table 101-5 APPEND_HOST_ACE Function Parameters

Parameter         Description
host              The host, which can be the name or the IP address of the host. You can use a wildcard to specify a domain or an IP subnet. The host or domain name is case-insensitive.
lower_port        Lower bound of an optional TCP port range
upper_port        Upper bound of an optional TCP port range. If NULL, lower_port is assumed.
ace               The ACE


Usage Notes

  • Duplicate privileges in the matching ACE in the host ACL will be skipped.

  • To remove the ACE, use the REMOVE_HOST_ACE Procedure.

  • A host's ACL takes precedence over its domains' ACLs. For a given host, say www.us.example.com, the following domains are listed in decreasing precedence:

    • www.us.example.com

    • *.us.example.com

    • *.example.com

    • *.com

    • *

  • An IP address' ACL takes precedence over its subnets' ACLs. For a given IP address, say 192.168.0.100, the following subnets are listed in decreasing precedence:

    • 192.168.0.100

    • 192.168.0.*

    • 192.168.*

    • 192.*

    • *

  • An ACE with a 'resolve' privilege can be appended only to a host's ACL without a port range.

  • When ACEs with 'connect' privileges are appended to a host's ACLs with and without a port range, the one appended to the host with a port range takes precedence.

  • When specifying a TCP port range of a host, it cannot overlap with other existing port ranges of the host.

  • If the ACL is shared with another host or wallet, a copy of the ACL will be made before the ACL is modified.

See Also:

Oracle Database Real Application Security Administrator's and Developer's Guide for more information about the XS$ACE_TYPE object type

APPEND_HOST_ACL Procedure

This procedure appends access control entries (ACE) of an access control list (ACL) to the ACL of a network host.

Parameters

Table 101-6 APPEND_HOST_ACL Function Parameters

Parameter         Description
host              The host, which can be the name or the IP address of the host. You can use a wildcard to specify a domain or an IP subnet. The host or domain name is case-insensitive.
lower_port        Lower bound of an optional TCP port range
upper_port        Upper bound of an optional TCP port range. If NULL, lower_port is assumed.
acl               The ACL from which to append


Usage Notes

  • Duplicate privileges in the matching ACE in the host ACL will be skipped.

  • To remove the ACE, use the REMOVE_HOST_ACE Procedure.

  • A host's ACL takes precedence over its domains' ACLs. For a given host, say www.us.example.com, the following domains are listed in decreasing precedence:

    • www.us.example.com

    • *.us.example.com

    • *.example.com

    • *.com

    • *

  • An IP address' ACL takes precedence over its subnets' ACLs. For a given IP address, say 192.168.0.100, the following subnets are listed in decreasing precedence:

    • 192.168.0.100

    • 192.168.0.*

    • 192.168.*

    • 192.*

    • *

  • An ACE with a 'resolve' privilege can be appended only to a host's ACL without a port range.

  • When ACEs with 'connect' privileges are appended to a host's ACLs with and without a port range, the one appended to the host with a port range takes precedence.

  • When specifying a TCP port range of a host, it cannot overlap with other existing port ranges of the host.

  • If the ACL is shared with another host or wallet, a copy of the ACL will be made before the ACL is modified.

APPEND_WALLET_ACE Procedure

This procedure appends an access control entry (ACE) to the access control list (ACL) of a wallet. The ACL controls access to the given wallet from the database and the ACE specifies the privileges granted to or denied from the specified principal.

Parameters

Table 101-7 APPEND_WALLET_ACE Function Parameters

Parameter         Description
wallet_path       Directory path of the wallet. The path is case-sensitive and of the format file:directory-path.
ace               The ACE


Usage Notes

  • Duplicate privileges in the matching ACE in the host ACL will be skipped.

  • To remove the ACE, use the REMOVE_WALLET_ACE Procedure.

  • If the ACL is shared with another host or wallet, a copy of the ACL is made before the ACL is modified.

See Also:

Oracle Database Real Application Security Administrator's and Developer's Guide for more information about the XS$ACE_TYPE object type

APPEND_WALLET_ACL Procedure

This procedure appends access control entries (ACE) of an access control list (ACL) to the ACL of a wallet.

Parameters

Table 101-8 APPEND_WALLET_ACL Function Parameters

Parameter         Description
wallet_path       Directory path of the wallet. The path is case-sensitive and of the format file:directory-path.
acl               The ACL from which to append


Usage Notes

  • Duplicate privileges in the matching ACE in the host ACL will be skipped.

  • To remove the ACE, use REMOVE_WALLET_ACE.

  • If the ACL is shared with another host or wallet, a copy of the ACL is made before the ACL is modified.

ASSIGN_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.

This procedure assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, the TCP port range.

Parameters

Table 101-9 ASSIGN_ACL Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
host              Host to which the ACL is to be assigned. The host can be the name or the IP address of the host. A wildcard can be used to specify a domain or an IP subnet. The host or domain name is case-insensitive.
lower_port        Lower bound of a TCP port range if not NULL
upper_port        Upper bound of a TCP port range. If NULL, lower_port is assumed.


Usage Notes

  • Only one ACL can be assigned to any host computer, domain, or IP subnet, and if specified, the TCP port range. When you assign a new access control list to a network target, Oracle Database unassigns the previous access control list that was assigned to the same target. However, Oracle Database does not drop the access control list. You can drop the access control list by using the DROP_ACL Procedure. To remove an access control list assignment, use the UNASSIGN_ACL Procedure.

  • The ACL assigned to a domain takes a lower precedence than the other ACLs assigned to sub-domains, which take a lower precedence than the ACLs assigned to the individual hosts. So for a given host, for example, 'www.us.example.com', the following domains are listed in decreasing precedence:

    - www.us.example.com

    - *.us.example.com

    - *.example.com

    - *.com

    - *

    In the same way, the ACL assigned to a subnet takes a lower precedence than the other ACLs assigned to smaller subnets, which take a lower precedence than the ACLs assigned to the individual IP addresses. So for a given IP address, for example, '192.168.0.100', the following subnets are listed in decreasing precedence:

    - 192.168.0.100

    - 192.168.0.*

    - 192.168.*

    - 192.*

    - *

  • The port range is applicable only to the 'connect' privilege assignments in the ACL. The 'resolve' privilege assignments in an ACL have effects only when the ACL is assigned to a host without a port range.

    For the 'connect' privilege assignments, an ACL assigned to the host without a port range takes a lower precedence than other ACLs assigned to the same host with a port range.

  • When specifying a TCP port range, both lower_port and upper_port must not be NULL and upper_port must be greater than or equal to lower_port. The port range must not overlap with any other port ranges for the same host assigned already.

  • To remove the assignment, use the UNASSIGN_ACL Procedure.

ASSIGN_WALLET_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.

This procedure assigns an access control list (ACL) to a wallet.

Parameters

Table 101-10 ASSIGN_WALLET_ACL Procedure Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'
wallet_path       Directory path of the wallet to which the ACL is to be assigned. The path is case-sensitive and of the format file:directory-path.


Usage Notes

To remove the assignment, use the UNASSIGN_WALLET_ACL Procedure.

CHECK_PRIVILEGE Function

Note:

This procedure is deprecated in Oracle Database 12c. The procedure remains available in the package only for reasons of backward compatibility.

This function checks if a privilege is granted or denied the user in an ACL.

Parameters

Table 101-11 CHECK_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
user              User to check against. If the user is NULL, the invoker is assumed. The username is case-sensitive as in the USERNAME column of the ALL_USERS view.
privilege         Network privilege to check


Return Values

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted nor denied.

CHECK_PRIVILEGE_ACLID Function

Note:

This procedure is deprecated in Oracle Database 12c. The procedure remains available in the package only for reasons of backward compatibility.

This function checks if a privilege is granted to or denied from the user in an ACL by specifying the object ID of the access control list.

Parameters

Table 101-12 CHECK_PRIVILEGE_ACLID Function Parameters

Parameter         Description
aclid             Object ID of the ACL
user              User to check against. If the user is NULL, the invoker is assumed. The username is case-sensitive as in the USERNAME column of the ALL_USERS view.
privilege         Network privilege to check


Return Values

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted nor denied.

CREATE_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.

This procedure creates an access control list (ACL) with an initial privilege setting. An ACL must have at least one privilege setting. The ACL has no access control effect unless it is assigned to the network target.

Parameters

Table 101-13 CREATE_ACL Procedure Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
description       Description attribute in the ACL
principal         Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
is_grant          Privilege is granted or not (denied)
privilege         Network privilege to be granted or denied - 'connect | resolve' (case sensitive). A database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To resolve a host name that was given a host IP address, or the IP address that was given a host name, with the UTL_INADDR package, grant the database user the resolve privilege.
start_date        Start date of the access control entry (ACE). When specified, the ACE is valid only on and after the specified date.
end_date          End date of the access control entry (ACE). When specified, the ACE expires after the specified date. The end_date must be greater than or equal to the start_date.


Usage Notes

To drop the access control list, use the DROP_ACL Procedure.

DELETE_PRIVILEGE Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure.

This procedure deletes a privilege in an access control list.

Parameters

Table 101-14 DELETE_PRIVILEGE Function Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.
principal         Principal (database user or role) for whom all the ACEs will be deleted
is_grant          Privilege is granted or not (denied). If a NULL value is given, the deletion is applicable to both granted or denied privileges.
privilege         Network privilege to be deleted. If a NULL value is given, the deletion is applicable to all privileges.


DROP_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. The procedure remains available in the package only for reasons of backward compatibility.

This procedure drops an access control list (ACL).

Parameters

Table 101-15 DROP_ACL Procedure Parameters

Parameter         Description
acl               Name of the ACL. Relative path will be relative to '/sys/acls'.


REMOVE_HOST_ACE Procedure

This procedure removes privileges from access control entries (ACE) in the access control list (ACL) of a network host matching the given ACE.

Parameters

Table 101-16 REMOVE_HOST_ACE Function Parameters

Parameter | Description

host

The host, which can be the name or the IP address of the host. You can use a wildcard to specify a domain or an IP subnet. The host or domain name is case-insensitive.

lower_port

Lower bound of an optional TCP port range

upper_port

Upper bound of an optional TCP port range. If NULL, lower_port is assumed.

ace

The ACE

remove_empty_acl

Whether to remove the ACL if it becomes empty once the ACE is removed


Usage Notes

If the ACL is shared with another host or wallet, a copy of the ACL is made before the ACL is modified.
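The following added example (not part of the Oracle documentation reproduced here) walks one least-privilege cycle on Oracle Database 12c or later: grant a narrowly scoped ACE, review the broad grants in the DBA_HOST_ACES dictionary view, then remove the ACE with REMOVE_HOST_ACE. The host and the SCOTT principal are the ones used in this page's examples; port 443 is a constructed value.

```sql
-- Added example: run as a user with EXECUTE on DBMS_NETWORK_ACL_ADMIN
-- and SELECT on DBA_HOST_ACES. Port 443 is a constructed sample value.

-- 1. Grant SCOTT the connect privilege on one host and one port only.
--    The host's ACL is created on demand when the ACE is appended.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host       => 'www.us.oracle.com',
    lower_port => 443,
    upper_port => 443,
    ace        => xs$ace_type(
                    privilege_list => xs$name_list('connect'),
                    principal_name => 'SCOTT',
                    principal_type => xs_acl.ptype_db));
END;
/

-- 2. Review grants that are broader than a single host and port:
--    wildcard hosts, grants to PUBLIC, and connect ACEs with no port range.
SELECT host, lower_port, upper_port, principal, privilege, grant_type
FROM   dba_host_aces
WHERE  host = '*'
   OR  host LIKE '*.%'
   OR  principal = 'PUBLIC'
   OR  (privilege = 'CONNECT' AND lower_port IS NULL)
ORDER  BY host, principal, privilege;

-- 3. Remove the ACE. Host, port range and ACE must match the grant;
--    remove_empty_acl => TRUE also drops the ACL if nothing is left in it.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE(
    host             => 'www.us.oracle.com',
    lower_port       => 443,
    upper_port       => 443,
    ace              => xs$ace_type(
                          privilege_list => xs$name_list('connect'),
                          principal_name => 'SCOTT',
                          principal_type => xs_acl.ptype_db),
    remove_empty_acl => TRUE);
END;
/
```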

REMOVE_WALLET_ACE Procedure

This procedure removes privileges from access control entries (ACE) in the access control list (ACL) of a wallet matching the given ACE.

Parameters

Table 101-17 REMOVE_WALLET_ACE Function Parameters

Parameter | Description

wallet_path

Directory path of the wallet. The path is case-sensitive and of the format file:directory-path.

ace

The ACE

remove_empty_acl

Whether to remove the ACL if it becomes empty once the ACE is removed


Usage Notes

If the ACL is shared with another host or wallet, a copy of the ACL is made before the ACL is modified.

SET_HOST_ACL Procedure

This procedure sets the access control list (ACL) of a network host which controls access to the host from the database.

Parameters

Table 101-18 SET_HOST_ACL Function Parameters

Parameter | Description

host

The host, which can be the name or the IP address of the host. You can use a wildcard to specify a domain or an IP subnet. The host or domain name is case-insensitive.

lower_port

Lower bound of an optional TCP port range

upper_port

Upper bound of an optional TCP port range. If NULL, lower_port is assumed.

acl

The ACL. NULL to unset the host's ACL.


Usage Notes

A host's ACL is created and set on-demand when an access control entry (ACE) is appended to the host's ACL. Users are discouraged from setting a host's ACL manually.

SET_WALLET_ACL Procedure

This procedure sets the access control list (ACL) of a wallet which controls access to the wallet from the database.

Parameters

Table 101-19 SET_WALLET_ACL Function Parameters

Parameter | Description

wallet_path

Directory path of the wallet. The path is case-sensitive and of the format file:directory-path.

acl

The ACL. NULL to unset the wallet's ACL.


Usage Notes

A wallet's ACL is created and set on-demand when an access control entry (ACE) is appended to the wallet's ACL. Users are discouraged from setting a wallet's ACL manually.

UNASSIGN_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure.

This procedure unassigns the access control list (ACL) currently assigned to a network host.

Parameters

Table 101-20 UNASSIGN_ACL Function Parameters

Parameter | Description

acl

Name of the ACL. Relative path will be relative to '/sys/acls'. If ACL is NULL, any ACL assigned to the host is unassigned.

host

Host from which the ACL is to be removed. The host can be the name or the IP address of the host. A wildcard can be used to specify a domain or an IP subnet. The host or domain name is case-insensitive. If host is NULL, the ACL will be unassigned from any host. If both host and acl are NULL, all ACLs assigned to any hosts are unassigned.

lower_port

Lower bound of a TCP port range if not NULL

upper_port

Upper bound of a TCP port range. If NULL, lower_port is assumed.


UNASSIGN_WALLET_ACL Procedure

Note:

This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure.

This procedure unassigns the access control list (ACL) currently assigned to a wallet.

Parameters

Table 101-21 UNASSIGN_WALLET_ACL Procedure Parameters

Parameter | Description

acl

Name of the ACL. Relative path will be relative to '/sys/acls'. If acl is NULL, any ACL assigned to the wallet is unassigned.

wallet_path

Directory path of the wallet to which the ACL is assigned. The path is case-sensitive and of the format file:directory-path. If both acl and wallet_path are NULL, all ACLs assigned to any wallets are unassigned.