acl操作记录
官方文档内容:
1.CREATE_ACL Procedure创建ACL
Note: This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.
创建一个ACL并且授予默认的权限. An ACL must have at least one privilege setting. The ACL has no access control effect unless it is assigned to the network target.
Syntax
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL ( acl IN VARCHAR2, description IN VARCHAR2, principal IN VARCHAR2, is_grant IN BOOLEAN, privilege IN VARCHAR2, start_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL, end_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL );
Parameters
Usage Notes
To drop the access control list, use the DROP_ACL Procedure.
Examples
BEGIN DBMS_NETWORK_ACL_ADMIN.CREATE_ACL( acl => 'us-example-com-permissions.xml', description => 'Network permissions for *.us.example.com', principal => 'SCOTT', is_grant => TRUE, privilege => 'connect'); END;
2.ADD_PRIVILEGE Procedure增加权限Note: This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure. 增加一个允许或拒绝用户网络访问的权限This procedure adds a privilege to grant or deny the network access to the user. The access control entry (ACE) is created if it does not exist. Syntax DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
acl IN VARCHAR2,
principal IN VARCHAR2,
is_grant IN BOOLEAN,
privilege IN VARCHAR2,
position IN PLS_INTEGER DEFAULT NULL,
start_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL,
end_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL );
Parameters
Examples BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'us-example-com-permissions.xml',
principal => 'ST_USERS',
is_grant => TRUE,
privilege => 'connect')
END;
3.ASSIGN_ACL ProcedureACL指派ACL到目标主机的权限Note: This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure. 指派ACL到目标主机的权限 This procedure assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, the TCP port range. Syntax DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl IN VARCHAR2,
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL);
Parameters
Examples BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
acl => 'us-example-com-permissions.xml',
host => '*.us.example.com',
lower_port => 80);
END;
APPEND_HOST_ACE Procedure 12c专用This procedure appends an access control entry (ACE) to the access control list (ACL) of a network host. The ACL controls access to the given host from the database and the ACE specifies the privileges granted to or denied from the specified principal. Syntax DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
ace IN XS$ACE_TYPE);
Parameters Table 101-5 APPEND_HOST_ACE Function Parameters
6.DELETE_PRIVILEGE Procedure从ACL删除权限12c之前有效 Note: This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure. 从ACL删除权限 This procedure deletes a privilege in an access control list. Syntax DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE (
acl IN VARCHAR2,
principal IN VARCHAR2,
is_grant IN BOOLEAN DEFAULT NULL,
privilege IN VARCHAR2 DEFAULT NULL);
Parameters
Examples BEGIN
DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(
acl => 'us-example-com-permissions.xml',
principal => 'ST_USERS')
END;
7.DROP_ACL Procedure删除一个ACLNote: This procedure is deprecated in Oracle Database 12c. The procedure remains available in the package only for reasons of backward compatibility. 删除一个ACL This procedure drops an access control list (ACL). Syntax DBMS_NETWORK_ACL_ADMIN.DROP_ACL (
acl IN VARCHAR2);
Parameters Table 101-15 DROP_ACL Procedure Parameters
Examples BEGIN
DBMS_NETWORK_ACL_ADMIN.DROP_ACL(
acl => 'us-example-com-permissions.xml');
END;
REMOVE_HOST_ACE Procedure 12c专用This procedure removes privileges from access control entries (ACE) in the access control list (ACL) of a network host matching the given ACE. Syntax DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
ace IN XS$ACE_TYPE,
remove_empty_acl IN BOOLEAN DEFAULT FALSE);
Parameters Table 101-16 REMOVE_HOST_ACE Function Parameters
4.SET_HOST_ACL Procedure从数据库到目标主机的ACL权限 This procedure sets the access control list (ACL) of a network host which controls access to the host from the database. Syntax DBMS_NETWORK_ACL_ADMIN.SET_HOST_ACL (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
acl IN VARCHAR2);
Parameters Table 101-18 SET_HOST_ACL Function Parameters
5.SET_WALLET_ACL ProcedureThis procedure sets the access control list (ACL) of a wallet which controls access to the wallet from the database. Syntax DBMS_NETWORK_ACL_ADMIN.SET_WALLET_ACL (
wallet_path IN VARCHAR2,
acl IN VARCHAR2);
Parameters Table 101-19 SET_WALLET_ACL Function Parameters
8.UNASSIGN_ACL ProcedureNote: This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure. 从网络主机中回收ACL权限This procedure unassigns the access control list (ACL) currently assigned to a network host. Syntax DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL (
acl IN VARCHAR2 DEFAULT NULL,
host IN VARCHAR2 DEFAULT NULL,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL);
Parameters
Examples BEGIN
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(
host => '*.us.example.com',
lower_port => 80);
END;
|
--1 创建 ACL
begin
dbms_network_acl_admin.create_acl( acl => 'temp_acl.xml',
description =>'Normal Access',
principal=>'CONNECT',
is_grant => true,
privilege=>'connect',
start_date=> null,
end_date => null);
end;
--2. 确认acl已经生成
SELECT any_path FROM resource_view WHERE any_path like '%temp_acl%';
--3 为 ACL 增加一个权限
begin
dbms_network_acl_admin.add_privilege(
acl => 'temp_acl.xml',
principal => 'BJHYFP', --可以使用该acl的用户
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null);
end;
--4 分配将受该 ACL 制约的主机以及其他详细信息
begin
dbms_network_acl_admin.assign_acl(
acl => 'temp_acl.xml',
host => '192.168.0.189',
lower_port => null,
upper_port => null);
end;
--5 使用示例
declare
url varchar2(200) := 'http://192.168.0.189:8888/oraclehttp/servlet/orhttp?a=12';
req utl_http.req;
resp utl_http.resp;
value varchar2(2000);
begin
req := utl_http.begin_request(url);
resp := utl_http.get_response(req);
loop
utl_http.read_line(resp, value, TRUE);
dbms_output.put_line(value);
dbms_output.put_line('网站回复' || value);
end loop;
utl_http.end_response(resp);
EXCEPTION
WHEN utl_http.end_of_body THEN
utl_http.end_response(resp);
end;
1.CREATE_ACL Procedure创建ACL
Note:
This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.
创建一个ACL并且授予默认的权限. An ACL must have at least one privilege setting. The ACL has no access control effect unless it is assigned to the network target.
Syntax
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl IN VARCHAR2,
description IN VARCHAR2,
principal IN VARCHAR2,
is_grant IN BOOLEAN,
privilege IN VARCHAR2,
start_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL,
end_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL );
Parameters
Usage Notes
To drop the access control list, use the DROP_ACL Procedure.
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
acl => 'us-example-com-permissions.xml',
description => 'Network permissions for *.us.example.com',
principal => 'SCOTT',
is_grant => TRUE,
privilege => 'connect');
END;
2.ADD_PRIVILEGE Procedure增加权限
Note:
This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.
增加一个允许或拒绝用户网络访问的权限This procedure adds a privilege to grant or deny the network access to the user. The access control entry (ACE) is created if it does not exist.
Syntax
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
acl IN VARCHAR2,
principal IN VARCHAR2,
is_grant IN BOOLEAN,
privilege IN VARCHAR2,
position IN PLS_INTEGER DEFAULT NULL,
start_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL,
end_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL );
Parameters
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'us-example-com-permissions.xml',
principal => 'ST_USERS',
is_grant => TRUE,
privilege => 'connect')
END;
3.ASSIGN_ACL ProcedureACL指派ACL到目标主机的权限
Note:
This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the APPEND_HOST_ACE Procedure and the APPEND_WALLET_ACE Procedure.
指派ACL到目标主机的权限
This procedure assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, the TCP port range.
Syntax
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl IN VARCHAR2,
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL);
Parameters
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
acl => 'us-example-com-permissions.xml',
host => '*.us.example.com',
lower_port => 80);
END;
APPEND_HOST_ACE Procedure 12c专用
This procedure appends an access control entry (ACE) to the access control list (ACL) of a network host. The ACL controls access to the given host from the database and the ACE specifies the privileges granted to or denied from the specified principal.
Syntax
DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
ace IN XS$ACE_TYPE);
Parameters
Table 101-5 APPEND_HOST_ACE Function Parameters
6.DELETE_PRIVILEGE Procedure从ACL删除权限
12c之前有效
Note:
This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure.
从ACL删除权限
This procedure deletes a privilege in an access control list.
Syntax
DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE (
acl IN VARCHAR2,
principal IN VARCHAR2,
is_grant IN BOOLEAN DEFAULT NULL,
privilege IN VARCHAR2 DEFAULT NULL);
Parameters
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(
acl => 'us-example-com-permissions.xml',
principal => 'ST_USERS')
END;
7.DROP_ACL Procedure删除一个ACL
Note:
This procedure is deprecated in Oracle Database 12c. The procedure remains available in the package only for reasons of backward compatibility.
删除一个ACL
This procedure drops an access control list (ACL).
Syntax
DBMS_NETWORK_ACL_ADMIN.DROP_ACL (
acl IN VARCHAR2);
Parameters
Table 101-15 DROP_ACL Procedure Parameters
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.DROP_ACL(
acl => 'us-example-com-permissions.xml');
END;
REMOVE_HOST_ACE Procedure 12c专用
This procedure removes privileges from access control entries (ACE) in the access control list (ACL) of a network host matching the given ACE.
Syntax
DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
ace IN XS$ACE_TYPE,
remove_empty_acl IN BOOLEAN DEFAULT FALSE);
Parameters
Table 101-16 REMOVE_HOST_ACE Function Parameters
4.SET_HOST_ACL Procedure
从数据库到目标主机的ACL权限
This procedure sets the access control list (ACL) of a network host which controls access to the host from the database.
Syntax
DBMS_NETWORK_ACL_ADMIN.SET_HOST_ACL (
host IN VARCHAR2,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL,
acl IN VARCHAR2);
Parameters
Table 101-18 SET_HOST_ACL Function Parameters
5.SET_WALLET_ACL Procedure
This procedure sets the access control list (ACL) of a wallet which controls access to the wallet from the database.
Syntax
DBMS_NETWORK_ACL_ADMIN.SET_WALLET_ACL (
wallet_path IN VARCHAR2,
acl IN VARCHAR2);
Parameters
Table 101-19 SET_WALLET_ACL Function Parameters
8.UNASSIGN_ACL Procedure
Note:
This procedure is deprecated in Oracle Database 12c. While the procedure remains available in the package for reasons of backward compatibility, Oracle recommends using the REMOVE_HOST_ACE Procedure and the REMOVE_WALLET_ACE Procedure.
从网络主机中回收ACL权限This procedure unassigns the access control list (ACL) currently assigned to a network host.
Syntax
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL (
acl IN VARCHAR2 DEFAULT NULL,
host IN VARCHAR2 DEFAULT NULL,
lower_port IN PLS_INTEGER DEFAULT NULL,
upper_port IN PLS_INTEGER DEFAULT NULL);
Parameters
Examples
BEGIN
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(
host => '*.us.example.com',
lower_port => 80);
END;
------第二回
DECLARE
uprinciple varchar2(20);
principle varchar2(20);
BEGIN
uprinciple:=upper('&principle');
dbms_output.put_line(uprinciple);
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
acl => 'us-example-com-permissions1.xml',
description => 'Network permissions for *.us.example.com',
principal => uprinciple,
is_grant => TRUE,
privilege => 'connect');
END;
