OraExplorer » Programming

Oct 06 2009

The Access Control Lists to Network Services (e.g., UTL_HTTP, UTL_SMTP, UTL_TCP, etc.) in Oracle 11g

Category: 11g,Database,PL/SQL — ittichai @ 8:43 pm

This is one of the 11g features I read it once when it was first released but did not see its significance until now. Last week we just migrated an application from 9i to 11g. During a test of the send mail package using UTL_SMTP, we got this error, “ORA-24247: network access denied by access control list (ACL).” After a quick search, I’m in luck because I found a lot of articles written about this new 11g feature. However, I particularly find these two well-written concepts and samples from Arup Nanda’s Access Control Lists for UTL_TCP/HTTP/SMTP and Oracle-Base’s Fine-Grained Access to Network Services in Oracle Database 11g Release 1 very helpful.

My sample here is from our test case:

1. The send mail package which executes the UTL_SMTP failed.

TEST_USER SQL> exec pkg_LoadStatus.SendMail('user@company.com', 'Test Subject', 'Hello World');

ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at "pkg_LoadStatus", line 283
ORA-06512: at line 3

2. To fix it, an ACL has to be created.

The principal is the user or role to be added into this ACL. In this case, the TEST_USER account is added during the ACL creation. This field is case sensitive.

SQL> connect / as sysdba

begin
dbms_network_acl_admin.create_acl (
acl             => 'Mail_UTL_Access.xml',
description     => 'Mail UTL Network Access',
principal       => 'TEST_USER',
is_grant        => TRUE,
privilege       => 'connect',
start_date      => null,
end_date        => null
);

commit;
end;
/

The description of each variable is clearly described in the Oracle-Base’s article.

3. Verify a newly-created ACL.

SQL> SELECT any_path
     FROM resource_view
     WHERE any_path like '/sys/acls/%.xml';

ANY_PATH
--------------------------------------------------------------------------------
/sys/acls/Mail_UTL_Access.xml
/sys/acls/OLAP_XS_ADMIN/OLAP_XS_ADMIN602a67cf3684e24e04403ba6c65c6_acl.xml
/sys/acls/OLAP_XS_ADMIN/OLAP_XS_ADMIN602a67cf36e4e24e04403ba6c65c6_acl.xml
/sys/acls/OLAP_XS_ADMIN/OLAP_XS_ADMIN602a67cf3724e24e04403ba6c65c6_acl.xml
/sys/acls/OLAP_XS_ADMIN/OLAP_XS_ADMIN602a67cf3764e24e04403ba6c65c6_acl.xml
/sys/acls/all_all_acl.xml
/sys/acls/all_owner_acl.xml
/sys/acls/bootstrap_acl.xml
/sys/acls/ro_all_acl.xml
/sys/acls/ro_anonymous_acl.xml

4. Optionally you can add more users or roles into this ACL by using the add_privilege procedure. This is similar to the create_acl procedure except no description. Sample shown here is to add ADMIN_ADMIN_ROLE role.

begin
dbms_network_acl_admin.add_privilege (
acl           => 'Mail_UTL_Access.xml',
principal     => 'APP_ADMIN_ROLE',
is_grant      => TRUE,
privilege     => 'connect',
start_date    => null,
end_date      => null);

commit;
end;
/

5. Add a host and port range allowed.

begin
dbms_network_acl_admin.assign_acl (
acl           => 'Mail_UTL_Access.xml',
host          => 'smtp.company.com',
lower_port    => 1,
upper_port    => 1024);

commit;
end;
/

6. Test the send mail package again. This time there is no error, and the recipient receives email.

TEST_USER SQL> exec pkg_LoadStatus.SendMail('user@company.com', 'Test Subject', 'Hello World');

PL/SQL procedure successfully completed

Tags: 11g, ACL, Network Service, UTL_HTTP, UTL_SMTP, UTL_TCP

Comments (1)

Mar 27 2009

ILovePLSQLAnd.net

Category: PL/SQL — ittichai @ 4:03 pm

Steven Feuerstein created this “I LOVE PL/SQL, AND…” web site at ILovePLSQLAnd.net with the intention to collect the list of gaps/issues PL/SQL (his passion) currently has. In his recent post, he met with the PL/SQL developers at Oracle headquarter, and received confirmation that they really listen to inputs from his web site.

Sharing the same passion for PL/SQL, I’d like to help spreading the word about this effort. Please visit ILovePLSQLAnd.net, and give your inputs or vote on the enhancements you feel would benefit you the most.

The fine print here is that there is no gaurantee, but you never know; your small voice can make a big difference.

Tags: PL/SQL, web site

Comments (0)

Jan 22 2009

Good whitepaper “For Developers: Making Friends with the Oracle Database”

Category: Database,Programming — ittichai @ 2:34 pm

I just read a good whitepaper titled “For Developers: Making Friends with the Oracle Database” by Cary Millsap. Cary makes an excellent point that most developers think of database as a black box. However, by progressively understanding Oracle kernel little by little, they can improve performance of their queries dramatically. I appreciate the way Cary explains how to read trace files. As well, he provides instructions for needed tools to accomplish the tasks.

Tags: developer, whitepaper

Comments (0)

Sep 15 2008

Programming for kids

Category: Kids,Programming — ittichai @ 7:53 pm

I’ve been looking for a way to help my kid learning computer programming. My daughter and I tried out the trial version of “Phrogram” which is listed in the top hits when googling for “kid programming”. It is nice, well-made and powerful by just looking at provided samples. Its look & feel and language look a lot like Visual Basic. But I think it is still considered as intermediate to advanced levels because you have to know syntaxes and actually typing them in. It would be definitely something I’d like her to learn if she grows up a little bit.

This week, I ran into this new open-source programming for kids called “Scratch” by MIT Media Lab. Not only word “open source” interests me, the drag-n-drop feature makes it a lot easier to learn programming. Even though this is not really focusing on computer language learning, it, instead, emphasizes on developing design process skill which I think it is better in a long-term because it can universally apply not only to all programming languages but also other areas related to mathematic and science.

The other nice thing is the ability to upload and share your project on the web site.

Tags: Programming

Comments (0)

Jun 09 2008

Statistic Calculation – DBMS_STAT_FUNCS

Category: PL/SQL,Programming — ittichai @ 9:30 pm

Currently I’m working on a project dealing with lot of statistic calculations particularly that of quartiles. First, I have no idea what it is. Thanks to Wiki for explanation. Now the tough part is to do the actual calculation. Fortunately, Oracle provides DBMS_STAT_FUNCS which is exactly what I’m looking for.

List of available calculations -

TYPE summaryType IS RECORD (
count             NUMBER,
min               NUMBER,
max               NUMBER,
range             NUMBER,
mean              NUMBER,
cmode             num_table,
variance          NUMBER,
stddev            NUMBER,
quantile_5        NUMBER,
quantile_25       NUMBER,
median            NUMBER,
quantile_75       NUMBER,
quantile_95       NUMBER,
plus_x_sigma      NUMBER,
minus_x_sigma     NUMBER,
extreme_values    num_table,
top_5_values      n_arr,
bottom_5_values   n_arr);

Sample -

set serveroutput on;
DECLARE
sfsumtype dbms_stat_funcs.summaryType;
BEGIN
dbms_stat_funcs.summary(p_ownername=>'SCHEMA_NAME',
                     p_tablename=>'TABLE_NAME',
                     p_columnname=>'COLUMN_NAME',
                     s=>sfsumtype);
dbms_output.put_line('Quantile 5   => ' || sfsumtype.quantile_5);
dbms_output.put_line('Quantile 25  => ' || sfsumtype.quantile_25);
dbms_output.put_line('Median       => ' || sfsumtype.median);
dbms_output.put_line('Quantile 75  => ' || sfsumtype.quantile_75);
dbms_output.put_line('Quantile 95  => ' || sfsumtype.quantile_95);
END;
/

Tags: dbms, statistic

Comments (0)