Network access denied at "SYS.DBMS_DEBUG_JDWP" - oracle

When trying to save a trigger I get this error
Connecting to the database XE.
Executing PL/SQL: CALL DBMS_DEBUG_JDWP.CONNECT_TCP( '192.168.56.1', '59537' )
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68
ORA-06512: at line 1
Process exited.
Disconnecting from the database XE.
I'm just a beginner in working with DB, how can I fix this?

You say 'save', we can assume you also mean 'compile.' This error wouldn't occur if you were merely compiling the updated PL/SQL to the database. You'll get this error when you try to invoke the default PL/SQL debugger (button has a picture of a bug on it.)
The easiest solution for this is as follows:
Get version 20.2 of SQL Developer. In preferences, set debugger mode to DBMS_DEBUG
This uses a normal client connection and avoids the ACL rule, as the database no longer is connecting to your machine.
Disclaimer: I'm the product manager for SQL Developer at Oracle.

The first example didn't work for me. If you really want to get the DBMS_DEBUG_JDWP (Java Debug Wire Protocol) working, this is what you do:
NOTE: DO NOT USE DBMS_DEBUG anymore, it's considered deprecated. While it hasn't been removed, it may be in the future. The Oracle documentation specifically says to use DBMS_DEBUG_JDWP. It's set as the default for a reason ;)
DBMS DEBUG deprecated
Logging on as SYS with SYSDBA.
-- Grant the user debug permissions, substituting HR with the user you want to be logged on when you're debugging
GRANT DEBUG ANY PROCEDURE TO hr;
GRANT DEBUG CONNECT SESSION TO hr;
GRANT EXECUTE ON DBMS_DEBUG_JDWP To hr;
COMMIT;
-- Here you want to again substitute the HR user with your user doing the debugging
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => '127.0.0.1',
    ace  => SYS.XS$ACE_TYPE(privilege_list => SYS.XS$NAME_LIST('JDWP'),
                            principal_name => 'HR',
                            principal_type => SYS.XS_ACL.PTYPE_DB)
  );
END;
/
COMMIT;
You also want to set your listener.ora to be able to connect to localhost.
You also want to enable this setting in SQL Developer:
Tools > Preferences > Debugger > Prompt For Debugger Host (this will allow you to type 127.0.0.1 when the debugger starts, if you're doing this locally)
NOTE: Make sure you compile for debug!
UPDATE: The example I showed is for situations where the database is a local XE running on your own machine. This is essentially a local debugging session. To debug remotely (Oracle database is running on a remote server), you will substitute the 127.0.0.1 loopback IP with the IP of your machine on the current network. Do an ipconfig if necessary. You'll run the DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE procedure with that IP. You'll use your machine IP on the network when the network IP prompt comes up.
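Added example, not part of the answer above or of Oracle's documentation: a narrower form of the same grant for the remote case, limiting the JDWP callback to one client address and a fixed port range, then checking the entry and removing it afterwards. The HR user and 192.168.56.1 come from this page; the 4000-4999 port range is an assumption and has to match the range the debugger on the workstation is set to listen on.

```sql
-- Added example; run as SYS AS SYSDBA.
-- Assumptions: HR is the debugging user, 192.168.56.1 is the developer
-- workstation (the address in the error message), and the debugger on that
-- workstation listens on a port between 4000 and 4999.

-- 1. Allow the database to open the JDWP callback only to that host and port range.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host       => '192.168.56.1',
    lower_port => 4000,
    upper_port => 4999,
    ace        => xs$ace_type(
                    privilege_list => xs$name_list('jdwp'),
                    principal_name => 'HR',
                    principal_type => xs_acl.ptype_db));
END;
/

-- 2. Confirm which host ACEs are now in force for HR.
SELECT host, lower_port, upper_port, principal, privilege, grant_type
FROM   dba_host_aces
WHERE  principal = 'HR'
ORDER  BY host, lower_port;

-- 3. When the debugging work is finished, withdraw the entry again.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE(
    host             => '192.168.56.1',
    lower_port       => 4000,
    upper_port       => 4999,
    ace              => xs$ace_type(
                          privilege_list => xs$name_list('jdwp'),
                          principal_name => 'HR',
                          principal_type => xs_acl.ptype_db),
    remove_empty_acl => TRUE);
END;
/
```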

It is about the ACL (as the message says). Here's a walkthrough, see if it helps. I'm using user SCOTT; you'd use your own user.
SQL> show user
USER is "SYS"
SQL>
SQL> SELECT * FROM dba_network_acls;
no rows selected
Create ACL:
SQL> BEGIN
2 DBMS_NETWORK_ACL_ADMIN.create_acl (
3 acl => 'xedba.xml',
4 description => 'TCP, SMTP, MAIL, HTTP Access',
5 principal => 'SCOTT',
6 is_grant => TRUE,
7 privilege => 'connect',
8 start_date => NULL,
9 end_date => NULL);
10 END;
11 /
PL/SQL procedure successfully completed.
Assign ACL:
SQL> BEGIN
2 DBMS_NETWORK_ACL_ADMIN.assign_acl (acl => 'xedba.xml',
3 HOST => '*',
4 lower_port => NULL,
5 upper_port => NULL);
6 END;
7 /
PL/SQL procedure successfully completed.
Add privilege:
SQL> BEGIN
2 -- SCOTT
3 DBMS_NETWORK_ACL_ADMIN.add_privilege (acl => 'xedba.xml',
4 principal => 'SCOTT',
5 is_grant => TRUE,
6 privilege => 'connect',
7 start_date => NULL,
8 end_date => NULL);
9
10 DBMS_NETWORK_ACL_ADMIN.add_privilege (acl => 'xedba.xml',
11 principal => 'SCOTT',
12 is_grant => TRUE,
13 privilege => 'resolve',
14 start_date => NULL,
15 end_date => NULL);
16 END;
17 /
PL/SQL procedure successfully completed.
SQL> COMMIT;
Commit complete.
Now you should connect as the user that was granted access and run your command again.

Related

Call custom-domain REST-Enabled SQL Service from APEX Developer Service

My production app is an APEX application already running in a custom domain (mydomain.com). I've already configured REST-enabled SQL Service, and connected to it successfully from another APEX installation on another custom domain of mine. So that seems fine.
Now, I've spun up a new APEX Developer Service environment on oraclecloud, and I'm trying to create a REST-enabled SQL Service reference to point to the mydomain.com instance. I'm getting the typical error that says the endpoint does not point to a REST-enabled SQL Service.
In the past, when I've had this problem, I solved it by:
Creating an ACL for the remote domain, which allows responses to come back into the requester, and
Modifying the wallet on the requester to include the root CA certificate of the remote domain. This is needed because my custom remote instance is running HTTPS.
As far as I know, both of those require database and/or filesystem access, which I don't have in the APEX Developer Service environment on oraclecloud.
So, my question is: is it possible to do this and, if so, how?
You might execute the following in SQL Commands in order to test networking connectivity between the APEX service and your APEX instance within (yourdomain.com).
declare
l_result clob;
begin
l_result := apex_web_service.make_rest_request(
p_url => 'http://server.yourdomain.com/path/to/restenabledsql/_/sql',
p_http_method => 'GET' );
htp.p( 'Status: ' || apex_web_service.g_status_code );
end;
As this block does not pass credentials, it will never work correctly. However, based on the thrown error message, we will hopefully get a better indication about the actual cause.

PL/SQL UTL_HTTP request returns "ORA-01031: insufficient privileges" on OCI AutonomousDB

I'm trying to do a REST/HTTP request from PL/SQL in OCI.
I am stumped when trying UTL_HTTP ( but successful using APEX_WEB_SERVICE package).
Has anyone had success using UTL_HTTP on OCI AutonomousDB?
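DECLARE
  http_request  UTL_HTTP.req;
  http_response UTL_HTTP.resp;
  return_text   VARCHAR2(32767);
BEGIN
  UTL_HTTP.SET_WALLET('');
  http_request := UTL_HTTP.begin_request(UTL_URL.Escape([url]), 'GET');
  http_response := UTL_HTTP.get_response(http_request);
  UTL_HTTP.read_text(http_response, return_text);
  DBMS_OUTPUT.put_line (return_text);
  -- Release the connection once the response has been read
  UTL_HTTP.end_response(http_response);
END;
/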
Error report –
ORA-01031: insufficient privileges
ORA-06512: at "SYS.UTL_HTTP", line 136
ORA-06512: at "SYS.UTL_HTTP", line 1410
ORA-06512: at line 7
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without the necessary privileges.
*Action: Ask your database administrator or designated security administrator to grant you the necessary privileges
I have setup ACL as follows so http privilege is granted:
BEGIN
DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
host => '[domain]',
lower_port => 443,
upper_port => 443,
ace => xs$ace_type(privilege_list => xs$name_list('http'),
principal_name => '[name]',
start_date => SYSTIMESTAMP,
principal_type => xs_acl.ptype_db));
END;
/
UTL_HTTP is unsupported on OCI Autonomous DB -
Oracle Database Features That Are Not Supported
The following Oracle Database features, options and packs are not supported in Autonomous Database.
UTL_SMTP, UTL_HTTP, and UTL_TCP PL/SQL packages
Now I know..
Try using
privilege_list => xs$name_list('connect', 'resolve')
The docs say:
Security Model
This package is an invoker's rights package and the invoking user will need the connect privilege granted in the access control list assigned to the remote network host to which he wants to connect, as well as the use-client-certificates or the use-passwords privilege to authenticate himself with the remote Web server using the credentials stored in an Oracle wallet.
You also need 'resolve' to resolve the domain name.
Saying "UTL_HTTP is unsupported on OCI Autonomous DB" is misleading. First of all, you should clarify what flavor of ADB you are using. The doc link you referenced is for Autonomous Database on Dedicated Exadata Infrastructure (ADB-D). Autonomous Database on Shared Exadata Infrastructure (ADB-S) supports UTL_HTTP as already mentioned in the ADB-S doc.

Oracle 12c Apex 4.2 ORA-24247 network access denied by access control list (ACL)

hope you can help me too.
I'm developing an APEX-Application.
Oracle 12c APEX 4.2.
I'm using the workspace wrk_projects in pdborcl.
I need some information about the client. The client will act in the same domain.
So I'm building a report:
select utl_inaddr.get_host_name(sys_context('userenv','ip_address')) as hostname from dual;
When I run it:
report error:
ORA-24247 network access denied by access control list (ACL)
My question is:
Do I have to define the ACL in the container or in the PDB?
How do I find out the user I have to grant the ACL to?
Any other tips?
Oracle Apex Documentation: Granting Connect Privileges in Oracle Database 12c
Which can be found under "Oracle Application Express Application Builder User's Guide -> Managing Application Security"
Procedures CREATE_ACL, ASSIGN_ACL, ADD_PRIVILEGE and CHECK_PRIVILEGE
in DBMS_NETWORK_ACL_ADMIN are deprecated in Oracle Database 12c.
Oracle recommends using APPEND_HOST_ACE instead. The following example
demonstrates how to grant connect privileges to any host for the
APEX_050000 database user. This example assumes you connected to the
database where Oracle Application Express is installed as SYS
specifying the SYSDBA role.
BEGIN
DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
host => '*',
ace => xs$ace_type(privilege_list => xs$name_list('connect'),
principal_name => 'apex_050000',
principal_type => xs_acl.ptype_db));
END;
/
The following example demonstrates how to provide less privileged
access to local network resources. This example enables access to
servers on the local host only, such as email and report servers.
BEGIN
DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
host => 'localhost',
ace => xs$ace_type(privilege_list => xs$name_list('connect'),
principal_name => 'apex_050000',
principal_type => xs_acl.ptype_db));
END;
/
Other than that, it might depend on how you have configured APEX in your db. Are you using APEX in the cdb and are the APEX objects linked up (thus: one APEX install for all db's) or are you using different APEX installations per pdb? I'm guessing it's just the single install. My guess (I'm no DBA) is that you'll have to grant it to the user in the root.
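Added example, not taken from the Oracle documentation quoted above: a query for reviewing which host ACEs are in force and labelling the broad ones, such as the any-host grant in the first documentation example. It reads the DBA_HOST_ACES dictionary view (Oracle Database 12c and later); the labels in the finding column are this example's own wording.

```sql
-- Added example: list host ACEs and label how widely each one is scoped.
-- Run as a user that can read DBA_HOST_ACES (for example SYS). DBA_ views
-- show the current container only, so on a multitenant database run it in
-- each container you want to review.
SELECT principal,
       UPPER(privilege) AS privilege,
       host,
       lower_port,
       upper_port,
       CASE
         WHEN host = '*'              THEN 'any host'
         WHEN INSTR(host, '*') > 0    THEN 'wildcard host pattern'
         WHEN UPPER(privilege) <> 'RESOLVE'
              AND lower_port IS NULL  THEN 'any port on this host'
         ELSE 'scoped to host and ports'
       END AS finding
FROM   dba_host_aces
WHERE  grant_type = 'GRANT'
ORDER  BY CASE
            WHEN host = '*'           THEN 0
            WHEN INSTR(host, '*') > 0 THEN 1
            ELSE 2
          END,
          principal,
          host;
```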

Unable to Grant session to a user

Yesterday I used sqlplus on Ubuntu 14.04 LTS normally, but today when I open it I connect to System:
SQL> connect system
Enter Password :
Connected.
Then I want to connect to my account which I created yesterday :
SQL> connect slim/slimhmidi;
Connected.
When I want to create a session I get this error:
SQL> grant session to slim;
grant session to slim
*
ERROR at line 1:
ORA-01919: role ' SESSION ' does not exist
I tried to create a session but in vain:
SQL> grant create session to slim;
grant create session to slim
*
ERROR at line 1:
ORA-01031: insufficient privileges
Also I have this error :
SQL> grant connect to slim;
grant connect to slim
*
ERROR at line 1:
ORA-01932: admin option not granted for role ' CONNECT'
However I didn't have these problems yesterday.
ORA-01919: role ' SESSION ' does not exist
You are trying to grant the privilege to user slim while you are already connected to slim. So, the grantor and grantee are same here.
ORA-01932: admin option not granted for role ' CONNECT'
As I said, you are already connected as user slim, it means the user already has the CONNECT privilege.
To grant create session to the user, you could do it as SYS user or any other user which has the privilege to grant.
See this link to documentation http://docs.oracle.com/cd/B19306_01/network.102/b14266/admusers.htm#DBSEG10000
Update Per OP's comments
To give the select privilege on the table to a user:
GRANT SELECT ON table_name TO slim;

Oracle 11g database not connecting

I installed Oracle 11g Database Express Edition on my Windows 7 (32-bit) PC. It was successfully installed, but now when I try to open it, Firefox gives me the following error.
"unable to connect."
So please reply to this post as soon as possible so I can open Oracle, as without this I can't go ahead in learning it. I'm just a beginner.
Check if you can open SQLPLUS.
If yes, change the port of the Oracle web server by using
connect / as sysdba
EXEC DBMS_XDB.sethttpport('9090');
Open Run SQL Command Line, or in your cmd write: sqlplus "/ as sysdba"
for both cases:
SQL> conn
Enter user-name:
Enter password:
In SQL DEVELOPER
Default connection for oracle 11g
go to connection>New Connection
Connection Name = HR or Use any name
User name = hr
Password = Your Password (This is the password that you selected during the installation of Oracle 11g)
Check the "Save" option
role: default
port 1521
SID : orcl
If you want to create the SYSDBA Account ( Administrator account)
Connection Name = admin ORCL or Use any name
User name = sys
Password = Your Password (This is the password that you selected during the installation of Oracle 11g)
role: sysdba( from the drop down)
port 1521
SID : orcl
TEST and Save Connect
Just in case your HR account is locked because you have connected multiple times, then you can fix this by logging into your SYS DBA account
In the objects list on your list go to the OTHER USERS and
GO to HR Account > RT Click
EDIT USER
Choose the password you like
and uncheck the Account Locked and the Password Expired options if they are checked
This happens when you install as a user and not as admin. Even if you have admin privileges, it won't do.
Also, after this error comes then the issue is that the port 8080 is being used by another application.
1.) First of all, stop that app.
2.) Reset Oracle Port
SQL> begin
2 dbms_xdb.sethttpport('9090');
3 end;
4 /
PS: I read one thread that says not to use # in the password also.
Hope it helps :)
