Edit D:\app\Administrator\product\11.2.0\dbhome_1\apex\images\doc\sec_network_services.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>Enabling Network Services in Oracle Database 11g</title> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = ohj/ohw) - Version 5.1" /> <meta name="date" content="2009-04-14T16:11:31Z" /> <meta name="robots" content="noarchive" /> <meta name="doctitle" content="Enabling Network Services in Oracle Database 11g" /> <meta name="relnum" content="Release 3.2" /> <meta name="partnum" content="E11947-01" /> <link rel="copyright" href="dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="stylesheet" href="dcommon/css/blafdoc.css" title="Oracle BLAFDoc" type="text/css" /> <link rel="contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="up" href="preface.htm" title="Home" type="text/html" /> <link rel="up" href="sec.htm" title="Managing Application Security" type="text/html" /> <link rel="up" href="sec_admin.htm" title="Understanding Administrator..." type="text/html" /> <link rel="up" href="sec_network_services.htm" title="Enabling Network Services i..." type="text/html" /> <link rel="prev" href="sec_session_timeout.htm" title="Previous" type="text/html" /> <link rel="next" href="sec_dev.htm" title="Next" type="text/html" /> </head> <body> <p id="BREADCRUMBING"><a href="preface.htm" title="Home">Home</a> > <a href="sec.htm" title="Managing Application Security">Managing Application Security</a> > <a href="sec_admin.htm" title="Understanding Administrator...">Understanding Administrator...</a> > Enabling Network Services i...</p> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr valign="bottom"> <td align="left"></td> <td align="center"><a href="sec_session_timeout.htm"><img src="dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="sec_dev.htm"><img src="dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> <p><a id="BGEJJIHE" name="BGEJJIHE"></a></p> <div class="sect2"> <h1><a name="HTMDB12006|grant connect privilege to host for FLOWS_020200 database user"></a>Enabling Network S<a id="sthref1935" name="sthref1935"></a><a id="sthref1936" name="sthref1936"></a><a id="sthref1937" name="sthref1937"></a><a id="sthref1938" name="sthref1938"></a><a id="sthref1939" name="sthref1939"></a><a id="sthref1940" name="sthref1940"></a><a id="sthref1941" name="sthref1941"></a>ervices in Oracle Database 11<span class="italic">g</span></h1> <p>By default, the ability to interact with network services is disabled in Oracle Database 11<span class="italic">g</span> release 1 (11.1). Therefore, if you are running Oracle Application Express with Oracle Database 11<span class="italic">g</span> release 1 (11.1), you must use the new <code>DBMS_NETWORK_ACL_ADMIN</code> package to grant connect privileges to any host for the <code>APEX_030200</code> database user. Failing to grant these privileges results in issues with:</p> <ul> <li> <p>Sending outbound mail in Oracle Application Express.</p> <p>Users can call methods from the <code>APEX_MAIL</code> package, but issues arise when sending outbound email.</p> </li> <li> <p>Using Web services in Oracle Application Express.</p> </li> <li> <p>PDF/report printing.</p> </li> <li> <p>Searching for content in online Help (that is, using the Find link).</p> </li> </ul> <a id="sthref1942" name="sthref1942"></a> <p class="subhead2">Topics:</p> <ul> <li> <p><a href="#BHADHHFH">Granting Connect Privileges to a Host</a></p> </li> <li> <p><a href="#CHDDHJFD">Granting Connect Privileges to a Local Host</a></p> </li> <li> <p><a href="#BHAGIHIB">Troubleshooting an Invalid ACL Error</a></p> </li> </ul> <div align="center"> <div class="inftblnotealso"><br /> <table class="NoteAlso oac_no_warn" summary="" cellpadding="3" cellspacing="0"> <tbody> <tr> <td align="left"> <p class="notep1">Tip:</p> To run the examples described in this section, the compatible initialization parameter of the database must be set to at least 11.1.0.0.0. By default an 11<span class="italic">g</span> database will have the parameter set properly, but a database upgraded to 11<span class="italic">g</span> from a prior version may not. See "Creating and Configuring an Oracle Database" in <span class="italic"><a href="http://www.oracle.com/pls/db112/lookup?id=ADMIN002">Oracle Database Administrator's Guide</a></span> for information about changing database initialization parameters.</td> </tr> </tbody> </table> <br /></div> <!-- class="inftblnotealso" --></div> <a id="BHADHHFH" name="BHADHHFH"></a> <div class="sect3"> <h2><a name="HTMDB25751" id="HTMDB25751"></a>Granting Connect Privileges to a Host</h2> <p>The following example demonstrates how to grant connect privileges to a host for the <code>APEX_030200</code> database user.</p> <pre xml:space="preserve" class="oac_no_warn"> DECLARE ACL_PATH VARCHAR2(4000); ACL_ID RAW(16); BEGIN -- Look for the ACL currently assigned to '*' and give APEX_030200 -- the "connect" privilege if APEX_030200 does not have the privilege yet. SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; -- Before checking the privilege, make sure that the ACL is valid -- (for example, does not contain stale references to dropped users). -- If it does, the following exception will be raised: -- -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200' -- ORA-06512: at "XDB.DBMS_XDBZ", line ... -- SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID FROM XDB.XDB$ACL A, PATH_VIEW P WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND EQUALS_PATH(P.RES, ACL_PATH) = 1; DBMS_XDBZ.ValidateACL(ACL_ID); IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 'connect') IS NULL THEN DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 'APEX_030200', TRUE, 'connect'); END IF; EXCEPTION -- When no ACL has been assigned to '*'. WHEN NO_DATA_FOUND THEN DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml', 'ACL that lets power users to connect to everywhere', 'APEX_030200', TRUE, 'connect'); DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*'); END; / COMMIT; </pre></div> <!-- class="sect3" --> <a id="CHDDHJFD" name="CHDDHJFD"></a> <div class="sect3"> <h2><a name="HTMDB25752" id="HTMDB25752"></a>Granting Connect Privileges to a Local Host</h2> <p>The following example is a less privileged demonstration of how to access resources on a local host. This example would enable indexing of Oracle Application Express Online Help and could possibly enable email and PDF printing if those servers were also on the local host.</p> <pre xml:space="preserve" class="oac_no_warn"> DECLARE ACL_PATH VARCHAR2(4000); ACL_ID RAW(16); BEGIN -- Look for the ACL currently assigned to 'localhost' and give APEX_030200 -- the "connect" privilege if APEX_030200 does not have the privilege yet. SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = 'localhost' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; -- Before checking the privilege, make sure that the ACL is valid -- (for example, does not contain stale references to dropped users). -- If it does, the following exception will be raised: -- -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200' -- ORA-06512: at "XDB.DBMS_XDBZ", line ... -- SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID FROM XDB.XDB$ACL A, PATH_VIEW P WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND EQUALS_PATH(P.RES, ACL_PATH) = 1; DBMS_XDBZ.ValidateACL(ACL_ID); IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 'connect') IS NULL THEN DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 'APEX_030200', TRUE, 'connect'); END IF; EXCEPTION -- When no ACL has been assigned to 'localhost'. WHEN NO_DATA_FOUND THEN DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('local-access-users.xml', 'ACL that lets power users to connect to everywhere', 'APEX_030200', TRUE, 'connect'); DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('local-access-users.xml','localhost'); END; / COMMIT; </pre></div> <!-- class="sect3" --> <a id="BHAGIHIB" name="BHAGIHIB"></a> <div class="sect3"> <h2><a name="HTMDB25753" id="HTMDB25753"></a>Troubleshooting an Invalid ACL Error</h2> <p>If you receive an <code>ORA-44416: Invalid ACL</code> error after running the previous script, use the following query to identify the invalid ACL:</p> <pre xml:space="preserve" class="oac_no_warn"> REM Show the dangling references to dropped users in the ACL that is assigned REM to '*'. SELECT ACL, PRINCIPAL FROM DBA_NETWORK_ACLS NACL, XDS_ACE ACE WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL AND NACL.ACLID = ACE.ACLID AND NOT EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL); </pre> <p>Next, run the following code to fix the ACL:</p> <pre xml:space="preserve" class="oac_no_warn"> DECLARE ACL_ID RAW(16); CNT NUMBER; BEGIN -- Look for the object ID of the ACL currently assigned to '*' SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; -- If just some users referenced in the ACL are invalid, remove just those -- users in the ACL. Otherwise, drop the ACL completely. SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE WHERE ACLID = ACL_ID AND EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL); IF (CNT > 0) THEN FOR R IN (SELECT PRINCIPAL FROM XDS_ACE WHERE ACLID = ACL_ID AND NOT EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL)) LOOP UPDATE XDB.XDB$ACL SET OBJECT_VALUE = DELETEXML(OBJECT_VALUE, '/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]') WHERE OBJECT_ID = ACL_ID; END LOOP; ELSE DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID; END IF; END; / REM commit the changes. COMMIT; </pre> <p>Once the ACL has been fixed, you must run the first script in this section to apply the ACL to the <code>APEX_030200</code> user. See <a href="#BHADHHFH">"Granting Connect Privileges to a Host"</a>.</p> </div> <!-- class="sect3" --></div> <!-- class="sect2" --> <!-- class="sect1" --> <!-- Start Footer --> <div class="footer"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr> <td align="left"><span class="copyrightlogo">Copyright © 2003, 2009, Oracle and/or its affiliates. All rights reserved.</span><br /> <a href="dcommon/html/cpyr.htm"><span class="copyrightlogo">Legal Notices</span></a></td> <td align="center"><a href="sec_session_timeout.htm"><img src="dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="sec_dev.htm"><img src="dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </div> <!-- class="footer" --> </body> </html>
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de