 |
 |
*****************************************************************************
* Description: Config Oracle UTL_MAIL package, and access control list [ACL]
* Date: 04:27 PM EST, 09/21/2018
*****************************************************************************
<1> Network Access Control List:
|
|__ o. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
| You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
|
|__ o. One database can have multiple ACL, but one target host can only have one ACL.
<2> Install UTL_MAIL Package as SYSDBA:
|
|__ CMD> sqlplus / as sysdba
|
|__ SQL> @?/rdbms/admin/utlmail.sql
|
|__ SQL> @?/rdbms/admin/prvtmail.plb
<3> Grant Execute Permission to Individual User:
|
|__ SQL> grant execute on UTL_MAIL TO User_1;
grant execute on UTL_MAIL TO User_2;
<4> Setting Oracle database parameter for database to be aware of SMTP server:
|
|__ SQL> alter system set SMTP_OUT_SERVER='UTILITIES.emeralit.local';
alter system set SMTP_OUT_SERVER='PCASW1P.FFNET.LOCAL:587';
<5> Sample PL\SQL Code for Sending Email via UTL_MAIL package:
|
|__ SQL> BEGIN
UTL_MAIL.send(
sender => 'email@emeralit.com',
recipients => 'amos.geng@emeralit.com',
cc => '',
bcc => '',
subject => 'UTL_MAIL Test',
message => 'If you get this message it worked!'
);
END;
/
<6> If the error "ORA-24247: network access denied by access control list (ACL)" coming up, please following below procedure to create ACL.
<7> Creating ACL in Oracle database. The principal could be a role:
|
|__ SQL> BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'ACL_NAME.xml',
description => 'ACL_DESCRIPTION',
principal => 'DB_USERNAME_1_AS_ACL_OWNER',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
);
END;
/
<8> Adding more username or privilege to exsiting ACL:
|
|__ SQL> BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'ACL_NAME.xml',
principal => 'DB_USERNAME_2_AS_ACL_OWNER',
is_grant => true,
privilege => 'connect'
);
END;
/
<9> Assigning ACL to an existing network resource:
|
|__ SQL> BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'ACL_NAME.xml',
host => 'UTILITIES.emeralit.local',
lower_port => 25,
upper_port => null
);
END;
/
<10> Drop ACL:
|
|__ SQL> BEGIN
DBMS_NETWORK_ACL_ADMIN.DROP_ACL(
'ACL_NAME.XML'
);
END;
/
<11> ACL dynamic views contains ACL metadata:
|
|__ SQL> select * from dba_network_acls;
Reference:
|
|__ o. http://dba-oracle.com/t_ora_24247_network_access_denied_by_access_control_list_tips.htm
|
|__ o. https://oracle-base.com/articles/11g/fine-grained-access-to-network-services-11gr1
|
|__ o. https://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm#CHDJFJFF
Your Comments