In this example we will assign a new ip/web address to an ACL that already exists. First of all let’s see what’s on the list, for this run the following query;
PAYP*ANTO> COLUMN ACL FORMAT A50
PAYP*ANTO> COLUMN HOST FORMAT A50
PAYP*ANTO> SELECT ACL, HOST, LOWER_PORT, UPPER_PORT FROM DBA_NETWORK_ACLS;
ACL HOST LOWER_PORT UPPER_PORT
____________________________________________ __________________________________________________ __________ __________
/sys/acls/visa_acl.xml 10.300.202.25 ø ø
/sys/acls/visa_acl.xml 10.300.202.46 ø ø
/sys/acls/visa_acl.xml 10.300.202.47 ø ø
/sys/acls/visa_acl.xml 10.300.202.81 ø ø
4 filas seleccionadas.
In this case it returned four directions. Now let’s allow the ip 10.300.202.95, for it we’ll use DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL package as shown in the following example;
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'visa_acl.xml',
host => '10.300.202.95',
lower_port => NULL,
upper_port => NULL);
COMMIT;
END;
/
There is no restriction on ports, so we set lower_port and upper_port to null. Rerun the query from above;
PAYP*ANTO> SELECT ACL, HOST, LOWER_PORT, UPPER_PORT FROM DBA_NETWORK_ACLS;
ACL HOST LOWER_PORT UPPER_PORT
____________________________________________ __________________________________________________ __________ __________
/sys/acls/visa_acl.xml 10.300.202.95 ø ø
/sys/acls/visa_acl.xml 10.300.202.25 ø ø
/sys/acls/visa_acl.xml 10.300.202.46 ø ø
/sys/acls/visa_acl.xml 10.300.202.47 ø ø
/sys/acls/visa_acl.xml 10.300.202.81 ø ø
5 filas seleccionadas.
For delete an ACL entry you must use the DBMS_NETWORK_ACL_ADMIN package with UNASSIGN_ACL procedure, like show below;
BEGIN
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(acl => 'visa_acl.xml',host => '10.300.230.31');
END;
/
COMMIT;
HTH – Antonio NAVARRO