Oracle® Database PL/SQL Packages and Types Reference 11g Release 1 (11.1.) Part Number B28419-02
The DBMS_NETWORK_ACL_UTILITY package provides utilities to the interface for administering the network Access Control List (ACL).
See Also:
For more information, see "Managing Fine-grained Access to External Network Services" in Oracle Database Security Guide.
The DOMAINS Function in this package returns all the domains a host belongs to. It can be used in conjunction with the CHECK_PRIVILEGE_ACLID Function in the DBMS_NETWORK_ACL_ADMIN package to determine the privilege assignments affecting a user's permission to access a network host. The DOMAIN_LEVEL Function in this package returns the level of each domain and can be used to order the ACL assignments by their precedence.
Example 1
For example, for SCOTT's permission to connect to www.us.oracle.com:
```sql
SELECT host, lower_port, upper_port, acl,
       DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'SCOTT', 'connect'),
         1, 'GRANTED', 0, 'DENIED', null) privilege
  FROM dba_network_acls
 WHERE host IN
       (SELECT * FROM
          TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com')))
 ORDER BY DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(host) desc, lower_port,
          upper_port;
```

```
HOST                 LOWER_PORT UPPER_PORT ACL                  PRIVILEGE
-------------------- ---------- ---------- -------------------- ---------
www.us.oracle.com            80         80 /sys/acls/www.xml    GRANTED
www.us.oracle.com          3000       3999 /sys/acls/www.xml    GRANTED
www.us.oracle.com                          /sys/acls/www.xml    GRANTED
*.oracle.com                               /sys/acls/all.xml
*                                          /sys/acls/all.xml
```
Example 2
For example, for SCOTT's permission to do domain name resolution for www.us.oracle.com:
```sql
SELECT host, lower_port, upper_port, acl,
       DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'SCOTT', 'resolve'),
         1, 'GRANTED', 0, 'DENIED', null) privilege
  FROM dba_network_acls
 WHERE host IN
       (SELECT * FROM
          TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com'))) AND
       lower_port IS NULL AND upper_port IS NULL
 ORDER BY DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(host) desc;
```

```
HOST                 LOWER_PORT UPPER_PORT ACL                  PRIVILEGE
-------------------- ---------- ---------- -------------------- ---------
www.us.oracle.com                          /sys/acls/www.xml    GRANTED
*.oracle.com                               /sys/acls/all.xml
*                                          /sys/acls/all.xml
```
Note that the "resolve" privilege takes effect only in ACLs assigned without any port range (when lower_port and upper_port are NULL). For this reason, we do not include lower_port and upper_port columns in the query.
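The two queries above check one user at a time. As an added example (not part of the Oracle documentation), the query below lists every principal named in any ACL assignment that covers a given host and port, in the same precedence order, so that broad wildcard assignments stand out during an access review. It assumes the DBA_NETWORK_ACL_PRIVILEGES dictionary view, which this page does not mention, and the target host and port are sample values.

```sql
-- Added example: principals in every ACL assignment that covers one host and port.
-- The host and port in "target" are sample values; change them for your review.
WITH target AS (
  SELECT 'www.us.oracle.com' AS host, 80 AS port FROM dual
)
SELECT a.host,
       a.lower_port,
       a.upper_port,
       -- Label how broad the assignment is so wildcard entries are easy to spot.
       CASE
         WHEN a.host = '*'           THEN 'ANY HOST'
         WHEN INSTR(a.host, '*') > 0 THEN 'WILDCARD'
         ELSE 'EXACT'
       END AS scope,
       a.acl,
       p.principal,
       p.privilege,
       p.is_grant,
       p.start_date,
       p.end_date
  FROM target t,
       -- DOMAINS expands the target host into itself plus its parent domains.
       TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS(t.host)) d,
       dba_network_acls a,
       dba_network_acl_privileges p
 WHERE a.host = d.column_value
   AND p.aclid = a.aclid
   -- Keep assignments with no port range, or whose range contains the port.
   AND (a.lower_port IS NULL OR t.port BETWEEN a.lower_port AND a.upper_port)
 ORDER BY DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(a.host) DESC,
          a.lower_port, a.upper_port, p.principal, p.privilege;
```

Rows with scope ANY HOST or WILDCARD that grant connect to widely held roles are the ones to review first, since they apply to every host under that domain.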
Table 81-1 DBMS_NETWORK_ACL_UTILITY Package Subprograms
| Subprogram | Description |
|---|---|
| DOMAIN_LEVEL Function | Returns the domain level of the given host name, domain, or subnet |
| DOMAINS Function | For a given host, returns the domains whose assigned ACLs are used to determine whether a user has the privilege to access the given host |
DOMAIN_LEVEL Function
This function returns the domain level of the given host name, domain, or subnet.
Syntax
```sql
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL (
   host  IN  VARCHAR2)
RETURN NUMBER;
```
Parameters
Table 81-2 DOMAIN_LEVEL Function Parameters
| Parameter | Description |
|---|---|
| host | Network host, domain, or subnet |
Return Values
The domain level of the given host, domain, or subnet.
Examples
```sql
SELECT DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('www.us.oracle.com') FROM DUAL;
```
DOMAINS Function
For a given host, this function returns the domains whose assigned ACLs are used to determine whether a user has the privilege to access the given host. When the IP address of the host is given, it returns the subnets instead.
Syntax
```sql
DBMS_NETWORK_ACL_UTILITY.DOMAINS (
   host  IN  VARCHAR2)
RETURN DOMAIN_TABLE PIPELINED;
```
Parameters
Return Values
The domains or subnets for the given host.
Examples
```sql
SELECT * FROM TABLE (DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com'));
```