ORA-24247

OracleDB‎ > ‎Error‎ > ‎

Error:

ORA-24247: network access denied by access control list (ACL)?

Cause:

Oracle Database 11g comes with a new security functionality which implements Access Control Lists for UTL_TCP/HTTP/SMTP.

Solution:

An Access Control List with privileges to use the SMTP (in this case) package for the IP of the mail server specified for the specific user/schema that sends out mail should be created.

Create an ACL:

begin

        dbms_network_acl_admin.create_acl (

                acl             => 'mail_acl.xml',

description     => 'Mail ACL',

                principal       => 'CONNECT',

                is_grant        => TRUE,

                privilege       => 'connect',

                start_date      => null,

                end_date        => null

);

end;

Then grant the user/schema access to the ACL:

begin

  dbms_network_acl_admin.add_privilege (

  acl                                      => 'mail_acl.xml',

  principal       => 'MYUSER',

  is_grant        => TRUE,

  privilege       => 'connect',

  start_date    => null,

  end_date     => null);

end;

Add the SMTP server to be used by the ACL

begin

  dbms_network_acl_admin.assign_acl (

  acl => 'mail_acl.xml',

  host => 'smtp.mymailserver.tld',

  lower_port => 1,

  upper_port => 10000);

end;

Grant execute permission on the SMTP package to the user:

grant execute on utl_smtp to myuser;

Comments

	Search this site