OXAR icon indicating copy to clipboard operation
OXAR copied to clipboard

Published 20 hours ago verified publisher icon OraOpenSource

ACL Network Access Control List did not work as per oracle_config.sh

Open GasparYYC opened this issue 9 years ago • 0 comments

The ACL Network Control did not work as planned... Email did not go out until I ran the following script as 'SYS as sysdba' in the database:

(page 732 of APEX 50 App Builders Guide.pdf)

# cat /tmp/acl.sql 

DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to 'localhost' and give APEX_050000
-- the "connect" privilege if APEX_050000 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = 'localhost' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, ensure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--
-- ORA-44416: Invalid ACL: Unresolved principal 'APEX_050000'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_050000','connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'APEX_050000', TRUE, 'connect');
END IF;
EXCEPTION
-- When no ACL has been assigned to 'localhost'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('local-access-users.xml',
'ACL that lets power users to connect to everywhere',
'APEX_050000', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('local-access-users.xml','localhost');
END;
/

Script must be executed, previous DB restart did not make a difference (confirmed)

SYS@orcl > @/tmp/acl.sql   
    PL/SQL procedure successfully completed.
SYS@orcl > COMMIT;
    Commit complete.

Restart the database, you can use:

/etc/init.d/oracle-xe restart

Once the script was executed and DB restarted, email flowed automatically, even the stuck ones in the APEX mail queue.

Note: I assume the script oracle_config.sh was executed as per build.sh (I have not verified) Current version of XE is 11.x so the script above is only for 11g not for 12c

GasparYYC avatar Jan 12 '16 21:01 GasparYYC