Erman Arslan's Oracle Forum Database

ORA-24247: network access denied by access control list (ACL)

classic Classic list List threaded Threaded
5 messages Options
Roshan
Reply | Threaded
Open this post in threaded view
|

ORA-24247: network access denied by access control list (ACL)

Roshan
Hello Erman,

we are getting the below error

ORA29273.png



I tried to give permission but still it it is not working
ACL.png

Regards

Roshan
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: ORA-24247: network access denied by access control list (ACL)

ErmanArslansOracleBlog
Administrator
Hello,

İt is very clear that it is an ACL error.
Create and assign ACL for the server that you need to reach via http.

Example:

SELECT host, acl, lower_port lport, upper_port uport
FROM DBA_NETWORK_ACLS ;

We check the output and we 'll see that there is no ACLs defined for enabling access to the server that we are trying reach.

Then, we create our ACL and associate it with the relevant user to make that user access the desired IP/host from our Oracle Database;

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'mailserver.xml',
                                    description => 'mailserver icin xml',
                                    principal   => 'APPS',
                                    is_grant    => true,
                                    privilege   => 'connect');

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'mailserver.xml',
                                       principal => 'APPS',
                                       is_grant  => true,
                                       privilege => 'resolve');

  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl  => 'mailserver.xml',
                                    host => '.....ip or hostname here....');
END;
/
COMMIT;
Roshan
Reply | Threaded
Open this post in threaded view
|

Re: ORA-24247: network access denied by access control list (ACL)

Roshan
Hello,

thanks. Issue is solved. I created the ACL and I created a role(connect privilege) to which I assigned in the add privilege statement.

Then for all other users I granted that role.

BEGIN
  DBMS_NETWORK_ACL_ADMIN.DROP_ACL (
    acl         => 'adduserwsv.xml');
  COMMIT;
END;
/


SQL> select acl , principal , privilege , is_grant from DBA_NETWORK_ACL_PRIVILEGES;

BEGIN
   DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
    acl          => 'adduserwsv.xml',
    description  => 'APPS',
    principal    => 'CBS_CORE',
    is_grant     => TRUE,
    privilege    => 'connect');
   COMMIT;
END;
/

create role cbsrole;

BEGIN
   DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
    acl          => 'adduserwsv.xml',                
    principal    => 'CBSROLE',
    is_grant     => TRUE,
    privilege    => 'connect',
    position     => null);
   COMMIT;
END;
/


BEGIN
   DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    acl          => 'adduserwsv.xml',                
    host         => '10.210.228.8/*');
   COMMIT;
END;
/

Regards,

Roshan
Roshan
Reply | Threaded
Open this post in threaded view
|

Re: ORA-24247: network access denied by access control list (ACL)

Roshan
Hi,

we are now getting

Error : ORA-12535: TNS:operation timed out

I am able to tnsping
tnsping.png

But nslookup fails
DNS.png

Do you think the ORA -12535 is due to host not present in DNS?

Regards,

Roshan
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: ORA-24247: network access denied by access control list (ACL)

ErmanArslansOracleBlog
Administrator
No.
You are able to tnsping using the hostname as it is seen in tnsping.ping
Your problem should be on your database listener side.
Check the listener.

Also, what does that mean "we are now getting ORA-12535" , where are you getting this? You are getting this while doing what?
ORA-12535 is another error , so please create a seperate issue for it.
For further analysis, create a seperate issue and give me all the details .

Free forum by Nabble Edit this page