Community Learn Tools Library Leisure
search
English
Home > Database > Mysql Tutorial > body text

Oracle ACL(Access Control List)

WBOY
Release: 2016-06-07 15:49:47
Original
1131 people have browsed it

欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入 Oracle ACL(Access Control List) 在oralce 11g中假如你想获取server的ip或者hostname,执行如下语句 1 2 3 SELECT utl_inaddr.get_host_address FROM dual; //获取IP SELECT utl_inaddr.get_host_na

欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入

  Oracle ACL(Access Control List)

  在oralce 11g中假如你想获取server的ip或者hostname,执行如下语句

1

2

3

<font face="NSimsun">SELECT</font> utl_inaddr.get_host_address FROM <font face="NSimsun">dual;  //获取IP </font>

<font face="NSimsun"> </font> 

<font face="NSimsun">SELECT</font>  utl_inaddr.get_host_name FROM <font face="NSimsun">dual; //获取host 名字</font>

  如果在oracle 9i中能够正常执行,但在11g中你可能会得到一个莫名其妙的错误提示:

  ORA-24247: network access denied by access control list(ACL)

  你可能马上想到是需要啥额外的权限,而我们平时赋予权限一般是grant XXX to user_name;但你找不到有啥跟ACL对应的权限.

  实际上这里确实需要额外权限,但赋予权限的方式相当变态,跟grant的方式太不一样了.

  细粒度访问网络服务

  为了更细致的控制网络权限,Oracle 11g中针对这么几个PL/SQL API(UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP和 UTL_INADDR)的访问设置了单独的权限访问控制方式.

  其中UTL_SMTP,UTL_MAIL是跟邮件相关的,比如你可以在触发器中设定当在某些表中做插入删除操作时就发个邮件知识某个负责人.

  赋予权限

  假如要给用户赋予访问上面提到的那些函数咋整呢? 要通过如下的一段pl/sql语句

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

<font face="NSimsun">BEGIN</font>

<font face="NSimsun"> </font> 

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl => 'abc.xml', --这个xml文件名字随便取的,但不同出现同名的情况

<font face="NSimsun"> </font> 

description => 'ACL list',

<font face="NSimsun"> </font> 

principal => 'ARWEN', --表示赋予权限给哪个用户

<font face="NSimsun"> </font> 

is_grant => true, --为true表示赋予权限,如果是false相当取消权限

<font face="NSimsun"> </font> 

privilege => 'connect');

<font face="NSimsun"> </font> 

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'abc.xml',

<font face="NSimsun"> </font> 

principal => 'ARWEN',

<font face="NSimsun"> </font> 

is_grant => true,

<font face="NSimsun"> </font> 

privilege => 'resolve');

<font face="NSimsun"> </font> 

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'abc.xml',

<font face="NSimsun"> </font> 

host => 'Oracle_Host_name'); --因为那些网络操作的权限是针对某一个server的,所以这里是指定一台机器的名字

<font face="NSimsun"> </font> 

END;

  如果要删除上面的控制列表

1

2

3

4

5

<font face="NSimsun">BEGIN</font>

<font face="NSimsun"> </font> 

DBMS_NETWORK_ACL_ADMIN.drop_acl ( acl => 'abc.xml');

<font face="NSimsun"> </font> 

END;

  删除这个列表,那用些列表赋予权限的那些用户自然也被取消相应的权限了.

Oracle ACL(Access Control List)

Related labels:
access acl control list oracle
source:php.cn
Previous article:cocos2dx 3.1.1学习笔记 中文字符的使用 Next article:VC下利用ADO访问Access数据库(Use ADO)(转载)
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
How to render data through DOM instead of through table I have a question about an application I'm creating, I'm using an Oracle database and I'm ...
From 2024-04-04 18:17:27
0
1
3567
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template