Skip Headers
Oracle® Database PL/SQL Packages and Types Reference
11g Release 1 (11.1)

B28419-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

81 DBMS_NETWORK_ACL_UTILITY

The DBMS_NETWORK_ACL_UTILITY package provides utilities to the interface for administering the network Access Control List (ACL).

See Also:

For more information, see "Managing Fine-grained Access to External Network Services" in Oracle Database Security Guide

The chapter contains the following topics:


Using DBMS_NETWORK_ACL_UTILITY


Examples

The DOMAINS Function in this package returns all the domains a host belongs to. It can be used in conjunction with the CHECK_PRIVILEGE_ACLID Function in the DBMS_NETWORK_ACL_ADMIN pacakge to determine the privilege assignments affecting a user's permission to access a network host. The function DOMAIN_LEVEL Function in this package returns the level of each domain and can be used to order the ACL assignments by their precedence.

Example 1

For example, for SCOTT's permission to connect to www.us.oracle.com:

  SELECT host, lower_port, upper_port, acl,
     DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'SCOTT', 'connect'),
            1, 'GRANTED', 0, 'DENIED', null) privilege
     FROM dba_network_acls
    WHERE host IN
      (SELECT * FROM
         TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com')))
   ORDER BY DBMS_NETWORK_ACL_UTLITITY.DOMAIN_LEVEL(host) desc, lower_port, 
                                               upper_port;


   HOST                 LOWER_PORT UPPER_PORT         ACL          PRIVILEGE
   -------------------- ---------- ---------- -------------------- ---------
   www.us.oracle.com            80         80 /sys/acls/www.xml    GRANTED
   www.us.oracle.com          3000       3999 /sys/acls/www.xml    GRANTED
   www.us.oracle.com                          /sys/acls/www.xml    GRANTED
   *.oracle.com                               /sys/acls/all.xml
   *                                          /sys/acls/all.xml

Example 2

For example, for SCOTT's permission to do domain name resolution for www.us.oracle.com:

   SELECT host, lower_port, upper_port, acl,
     DECODE(
          DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'SCOTT', 'resolve'),
            1, 'GRANTED', 0, 'DENIED', null) privilege
     FROM dba_network_acls
    WHERE host IN
      (SELECT * FROM
         TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com'))) and
      lower_port IS NULL AND upper_port IS NULL
   ORDER BY DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(host) desc;


   HOST                 LOWER_PORT UPPER_PORT         ACL          PRIVILEGE
   -------------------- ---------- ---------- -------------------- ---------
   www.us.oracle.com                          /sys/acls/www.xml    GRANTED
   *.oracle.com                               /sys/acls/all.xml
   *                                          /sys/acls/all.xml  
 

Note that the "resolve" privilege takes effect only in ACLs assigned without any port range (when lower_port and upper_port are NULL). For this reason, we do not include lower_port and upper_port columns in the query.


Summary of DBMS_NETWORK_ACL_UTILITY Subprograms

Table 81-1 DBMS_NETWORK_ACL_UTILITY Package Subprograms

Subprogram Description

DOMAIN_LEVEL Function

Returns the domain level of the given host name, domain, or subnet

DOMAINS Function

For a given host, this function returns the domains whose ACL assigned will be used to determine if a user has the privilege to access the given host or not.



DOMAIN_LEVEL Function

This function returns the domain level of the given host name, domain, or subnet.

Syntax

DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL (
    host  IN VARCHAR2) 
  RETURN NUMBER;

Parameters

Table 81-2 DOMAIN_LEVEL Function Parameters

Parameter Description

host

Network host, domain, or subnet


Return Values

The domain level of the given host, domain, or subnet.

Examples

SELECT DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('www.us.oracle.com') FROM DUAL;

DOMAINS Function

For a given host, this function returns the domains whose ACL assigned will be used to determine if a user has the privilege to access the given host or not. When the IP address of the host is given, return the subnets instead.

Syntax

DBMS_NETWORK_ACL_UTILITY.DOMAINS (
    host  IN VARCHAR2) 
  RETURN DOMAIN_TABLE PIPELINED;

Parameters

Table 81-3 DOMAINS Function Parameters

Parameter Description

host

Network host


Return Values

The domains or subnets for the given host.

Examples

SELECT * FROM TABLE (DBMS_NETWORK_ACL_UTILITY.DOMAINS('www.us.oracle.com'));