Hi All!
I was reviewing some features in Oracle and, basically, every single time I review them I find something new. Seems Oracle Databases’ features are near to infinite and we frequently find some that can really add value to our solutions.
So I decided to make a serie of posts with really quick notes about each one of them.
You can see all posts in this serie in my page of posts and some others more.
Ready? Here it goes:
Fine-Grained Access Control (FGAC) on Network Services
Oracle supplies PL/SQL utility packages such as UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP and UTL_INADDR to access to network services. In 11g Oracle have enhanced security available.
Rather than public being granted execute privileges on these packages, now it’s needed to create an ACCESS CONTROL LIST (ACL) in order to use these packages. Some ACL Related Data Dictionary VIEWS are DBA_NETWORK_ACLS and [DBA/USER]_NETWORK_ACL_PRIVILEGES.
> To create ACL:
SQL> begin DBMS_NETWORK_ACL_ADMIN.create_acl( acl => 'example.xml', description=>'EXEMPLE ACL', principal=>'EXAMPLE', is_grant=>TRUE, privilege=>'connect'); End; /
> Once the ACL is created, additional user or privileges can be added using the DBMS_NETWORK_ACL_ADMIN.add_privileges procedure:
SQL> BEGIN DBMS_NETWORK_ACL_ADMIN.add_privilege ( acl => 'example.xml', principal => 'SCOTT', is_grant => FALSE, privilege => 'connect', position => NULL, start_date => NULL, end_date => NULL); COMMIT; END; /
* DBMS_NETWORK_ACL_ADMIN.delete_privileges can be usedto drop privileges and DBMS_NETWORK_ACL_ADMIN.drop_acl to drop ACL.
> To assign ACL to a Network Host:
SQL> begin DBMS_NETWORK_ACL_ADMIN.assign_acl( acl => 'example.xml', host=>'grepora'); End; /
See you next week!