Oracle Database

Setting up Network ACLs in Oracle 11g… For Dummies

by Don Seiler
1 min read
Jul 24, 2009 12:00:00 AM

Having recently performed a test upgrade for a client from Oracle RDBMS 10g to 11g, I can tell you that one of the big changes that will likely require action on your part as DBA is the new fine-grained access control for the packages UTL_SMTP, UTL_TCP, UTL_MAIL, UTL_HTTP and UTL_INADDR. Part of the Oracle 11g pre-upgrade tool will notify you of users that will require new privileges.

The Shift to Fine-Grained Access Control

Of course, Oracle’s post-upgrade network ACL setup documentation is much more confusing than it needs to be, at least for simple minds like me. A colleague stepped forward with a simple set of commands for a basic setup that even the tired and stressed can understand.

Implementing a Basic ACL Configuration

Step-by-Step PL/SQL Example

I’ll share that here, with some basic explanation:

BEGIN   -- Create the new ACL, naming it "netacl.xml", with a description.   -- Also, provide one starter privilege, granting user FOO   -- the privilege to connect.   DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('netacl.xml',        'Allow usage to the UTL network packages', 'FOO', TRUE, 'connect');    -- Now grant privilege to resolve DNS names for FOO,   -- and then grant connect and resolve to user BAR   DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'FOO', TRUE, 'resolve');   DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'BAR', TRUE, 'connect');   DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'BAR', TRUE, 'resolve');    -- Specify which hosts this ACL applies to,   -- for simplicity, we're saying all (*)   -- You might want to specify certain hosts to lock this down.   DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('netacl.xml','*'); END; /

Managing Connectivity and Scope

As you can see, this example will let the FOO and BAR database users connect and resolve to any host. The ASSIGN_ACL section in the full package documentation (see link below) details how this can be used to lock down a user’s ability to make outside connections.

Of course, nothing beats reading the Oracle 11g DBMS_NETWORK_ACL_ADMIN documentation, where you can see some examples of stricter ACL setups.

Oracle Database Consulting Services

Ready to optimize your Oracle Database for the future?
On this page
How To Access MySQL from Oracle With ODBC and SQL
MySQL

How To Access MySQL from Oracle With ODBC and SQL

Mar 13, 2009 12:00:00 AM 5 min read
Disabling Triggers in Oracle 11.2.0.4
Oracle

Disabling Triggers in Oracle 11.2.0.4

Jan 8, 2014 12:00:00 AM 7 min read
Oracle 11g -- Audit Enabled by Default, But What About Purging?
Oracle

Oracle 11g -- Audit Enabled by Default, But What About Purging?

Jul 3, 2008 12:00:00 AM 2 min read

Ready to unlock value from your data?

With Pythian, you can accomplish your data transformation goals and more.

Speak with Pythian consultants now →

Follow Us     Pythian-LinkedIn   Pythian-Twitter   Pythian-FB

 

Pythian-logo-White

© 2026 All rights reserved.