Thursday, March 13, 2014

DBMS Network ACL of HTTP call using UTL_HTTP in oracle

Oracle allows access to external network services using several PL/SQL APIs (UTL_TCPUTL_SMTPUTL_MAILUTL_HTTP and UTL_INADDR), all of which are implemented using the TCP protocol. In previous versions of the database, access to external services was effectively an on/off switch based on whether a user was granted execute permissions on a specific package or not. Oracle 11g introduces fine grained access to network services using access control lists (ACL) in the XML DB repository, allowing control over which users access which network resources, regardless of package grants.

Access control lists are manipulated using the DBMS_NETWORK_ACL_ADMIN package. reference

Scripts :

dbms_network_acl_admin.create_acl (
   acl          => 'networkacl.xml',
   description  => 'Allow Network Connectivity',
   principal    => 'PUBLIC',
   is_grant     => TRUE,
   privilege    => 'connect',
   start_date   => SYSTIMESTAMP,
   end_date     => NULL);

dbms_network_acl_admin.assign_acl (
   acl         => 'networkacl.xml',
   host        => '*',
   lower_port  => NULL,
   upper_port  => NULL);