3.3.7.1 Granting Connect Privileges
The following example demonstrates how to grant connect privileges to any host for theAPEX_040000 database user. This example assumes you connected to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role.DECLARE ACL_PATH VARCHAR2(4000); ACL_ID RAW(16); BEGIN -- Look for the ACL currently assigned to '*' and give APEX_040000 -- the "connect" privilege if APEX_040000 does not have the privilege yet. SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; -- Before checking the privilege, ensure that the ACL is valid -- (for example, does not contain stale references to dropped users). -- If it does, the following exception will be raised: -- -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040000' -- ORA-06512: at "XDB.DBMS_XDBZ", line ... -- SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID FROM XDB.XDB$ACL A, PATH_VIEW P WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND EQUALS_PATH(P.RES, ACL_PATH) = 1; DBMS_XDBZ.ValidateACL(ACL_ID); IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040000', 'connect') IS NULL THEN DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 'APEX_040000', TRUE, 'connect'); END IF; EXCEPTION -- When no ACL has been assigned to '*'. WHEN NO_DATA_FOUND THEN DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml', 'ACL that lets power users to connect to everywhere', 'APEX_040000', TRUE, 'connect'); DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*'); END;
The following example demonstrates how to provide less privileged access to local network resources. This example would enable indexing the Oracle Application Express Online Help and could possibly enable email and PDF printing if those servers were also on the local host.
DECLARE ACL_PATH VARCHAR2(4000); ACL_ID RAW(16); BEGIN -- Look for the ACL currently assigned to 'localhost' and give APEX_040000 -- the "connect" privilege if APEX_040000 does not have the privilege yet. SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = 'localhost' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; -- Before checking the privilege, ensure that the ACL is valid -- (for example, does not contain stale references to dropped users). -- If it does, the following exception will be raised: -- -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040000' -- ORA-06512: at "XDB.DBMS_XDBZ", line ... -- SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID FROM XDB.XDB$ACL A, PATH_VIEW P WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND EQUALS_PATH(P.RES, ACL_PATH) = 1; DBMS_XDBZ.ValidateACL(ACL_ID); IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040000', 'connect') IS NULL THEN DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 'APEX_040000', TRUE, 'connect'); END IF;
EXCEPTION
-- When no ACL has been assigned to 'localhost'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('local-access-users.xml',
'ACL that lets power users to connect to everywhere',
'APEX_040000', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('local-access-users.xml','localhost');
END;
http://docs.oracle.com/cd/E17556_01/doc/install.40/e15513/otn_install.htm#BABBHCID
No comments:
Post a Comment