Skip to main content

I have a developer that is working remotely.  He’s worked remotely for years but all of the sudden today he is getting an error when running the debugger.  The IP and instance name have been changed for security reasons in the error below.

 

Connecting to the database {test instance}.

Executing PL/SQL: CALL DBMS_DEBUG_JDWP.CONNECT_TCP( '1.1.1.13', '62868' )

ORA-24247: network access denied by access control list (ACL)

ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68

ORA-06512: at line 1

Process exited.

Disconnecting from the database {test instance}

His IP ends in .18 now though instead of the .13.  How do we fix this so it is using the correct IP?

This script exports your ACL definitions as executable SQL text.

 

  • Run this with SQL*Plus as SYS and store the output.
  • From that output, grab just what you need to drop and recreate the offending ACL.
  • Edit your script to change the host name.
  • Run your edited script to recreate what you need.

ORACLE-BASE - DBA Scripts: network_acls_ddl.sql

 

Keep in mind that the IFS PL/SQL Access Provider uses an ACL for the database to talk to the application server, so you don’t want to remove everything. You may also have integrations that need these too.

 

-- -----------------------------------------------------------------------------------
-- File Name : https://oracle-base.com/dba/11g/network_acls_ddl.sql
-- Author : Tim Hall
-- Description : Displays DDL for all network ACLs.
-- Requirements : Access to the DBA views.
-- Call Syntax : @network_acls_ddl
-- Last Modified: 28-JUL-2017
-- -----------------------------------------------------------------------------------

SET SERVEROUTPUT ON FORMAT WRAPPED LINESIZE 300
DECLARE
l_last_acl dba_network_acls.acl%TYPE := '~';
l_last_principal dba_network_acl_privileges.principal%TYPE := '~';
l_last_privilege dba_network_acl_privileges.privilege%TYPE := '~';
l_last_host dba_network_acls.host%TYPE := '~';

FUNCTION get_timestamp (p_timestamp IN TIMESTAMP WITH TIME ZONE)
RETURN VARCHAR2
AS
l_return VARCHAR2(32767);
BEGIN
IF p_timestamp IS NULL THEN
RETURN 'NULL';
END IF;
RETURN 'TO_TIMESTAMP_TZ(''' || TO_CHAR(p_timestamp, 'DD-MON-YYYY HH24:MI:SS.FF TZH:TZM') || ''',''DD-MON-YYYY HH24:MI:SS.FF TZH:TZM'')';
END;
BEGIN
FOR i IN (SELECT a.acl,
a.host,
a.lower_port,
a.upper_port,
b.principal,
b.privilege,
b.is_grant,
b.start_date,
b.end_date
FROM dba_network_acls a
JOIN dba_network_acl_privileges b ON a.acl = b.acl
ORDER BY a.acl, a.host, a.lower_port, a.upper_port)
LOOP
IF l_last_acl <> i.acl THEN
-- First time we've seen this ACL, so create a new one.
l_last_host := '~';

DBMS_OUTPUT.put_line('-- -------------------------------------------------');
DBMS_OUTPUT.put_line('-- ' || i.acl);
DBMS_OUTPUT.put_line('-- -------------------------------------------------');
DBMS_OUTPUT.put_line('BEGIN');
DBMS_OUTPUT.put_line(' DBMS_NETWORK_ACL_ADMIN.drop_acl (');
DBMS_OUTPUT.put_line(' acl => ''' || i.acl || ''');');
DBMS_OUTPUT.put_line(' COMMIT;');
DBMS_OUTPUT.put_line('END;');
DBMS_OUTPUT.put_line('/');
DBMS_OUTPUT.put_line(' ');
DBMS_OUTPUT.put_line('BEGIN');
DBMS_OUTPUT.put_line(' DBMS_NETWORK_ACL_ADMIN.create_acl (');
DBMS_OUTPUT.put_line(' acl => ''' || i.acl || ''',');
DBMS_OUTPUT.put_line(' description => ''' || i.acl || ''',');
DBMS_OUTPUT.put_line(' principal => ''' || i.principal || ''',');
DBMS_OUTPUT.put_line(' is_grant => ' || i.is_grant || ',');
DBMS_OUTPUT.put_line(' privilege => ''' || i.privilege || ''',');
DBMS_OUTPUT.put_line(' start_date => ' || get_timestamp(i.start_date) || ',');
DBMS_OUTPUT.put_line(' end_date => ' || get_timestamp(i.end_date) || ');');
DBMS_OUTPUT.put_line(' COMMIT;');
DBMS_OUTPUT.put_line('END;');
DBMS_OUTPUT.put_line('/');
DBMS_OUTPUT.put_line(' ');
l_last_acl := i.acl;
l_last_principal := i.principal;
l_last_privilege := i.privilege;
END IF;

IF l_last_principal <> i.principal
OR (l_last_principal = i.principal AND l_last_privilege <> i.privilege) THEN
-- Add another principal to an existing ACL.
DBMS_OUTPUT.put_line('BEGIN');
DBMS_OUTPUT.put_line(' DBMS_NETWORK_ACL_ADMIN.add_privilege (');
DBMS_OUTPUT.put_line(' acl => ''' || i.acl || ''',');
DBMS_OUTPUT.put_line(' principal => ''' || i.principal || ''',');
DBMS_OUTPUT.put_line(' is_grant => ' || i.is_grant || ',');
DBMS_OUTPUT.put_line(' privilege => ''' || i.privilege || ''',');
DBMS_OUTPUT.put_line(' start_date => ' || get_timestamp(i.start_date) || ',');
DBMS_OUTPUT.put_line(' end_date => ' || get_timestamp(i.end_date) || ');');
DBMS_OUTPUT.put_line(' COMMIT;');
DBMS_OUTPUT.put_line('END;');
DBMS_OUTPUT.put_line('/');
DBMS_OUTPUT.put_line(' ');
l_last_principal := i.principal;
l_last_privilege := i.privilege;
END IF;

IF l_last_host <> i.host||':'||i.lower_port||':'||i.upper_port THEN
DBMS_OUTPUT.put_line('BEGIN');
DBMS_OUTPUT.put_line(' DBMS_NETWORK_ACL_ADMIN.assign_acl (');
DBMS_OUTPUT.put_line(' acl => ''' || i.acl || ''',');
DBMS_OUTPUT.put_line(' host => ''' || i.host || ''',');
DBMS_OUTPUT.put_line(' lower_port => ' || NVL(TO_CHAR(i.lower_port),'NULL') || ',');
DBMS_OUTPUT.put_line(' upper_port => ' || NVL(TO_CHAR(i.upper_port),'NULL') || ');');
DBMS_OUTPUT.put_line(' COMMIT;');
DBMS_OUTPUT.put_line('END;');
DBMS_OUTPUT.put_line('/');
DBMS_OUTPUT.put_line(' ');
l_last_host := i.host||':'||i.lower_port||':'||i.upper_port;
END IF;
END LOOP;
END;
/