
How to resolve ORA-24247: Network Access Denied by ACL

🌐 ORA-24247: Network Access Denied by ACL in Oracle – Explained & Resolved

When working with Oracle debugging features like DBMS_DEBUG_JDWP, you might encounter the following error:

ORA-24247: Network access denied by access control list (ACL)
ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68
ORA-06512: at line 1

This blog will walk you through the cause and step-by-step resolution of this issue using Oracle Access Control Lists (ACLs).


❓ What Is Causing This Error?

  • ACL Restriction: The database user is trying to initiate a network connection (e.g., for debugging), but no ACL grants access to the specified IP and port.
  • Missing Privileges: The user may lack the connect or resolve privilege in the ACL linked to that host/port.

Example Failing Statement:

CALL DBMS_DEBUG_JDWP.CONNECT_TCP('10.1.1.1', '62918');

✅ Step-by-Step Solution

🔧 1. Create a New ACL

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'debug_acl.xml',
    description => 'ACL for debugging',
    principal   => 'TEST',
    is_grant    => TRUE,
    privilege   => 'connect'
  );
END;
/

2. (Optional) Add PUBLIC Privilege

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl         => 'debug_acl.xml',
    principal   => 'PUBLIC',
    is_grant    => TRUE,
    privilege   => 'connect'
  );
END;
/

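Note: This step is optional and should be used with caution: granting connect to PUBLIC lets every database user open connections to the host and port this ACL is assigned to.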

🌍 3. Assign the ACL to the Host and Port

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl         => 'debug_acl.xml',
    host        => '10.1.1.1',
    lower_port  => 62918,
    upper_port  => 62918
  );
END;
/

🔓 4. Add Resolve Privilege

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl        => 'debug_acl.xml',
    principal  => 'TEST',
    is_grant   => TRUE,
    privilege  => 'resolve'
  );
END;
/

💾 5. Commit the Changes

COMMIT;

Verifying ACL Configuration

📄 View Assigned ACLs:

SELECT acl, host, lower_port, upper_port
FROM dba_network_acls;

👀 View ACL Privileges:

SELECT acl, principal, privilege, is_grant
FROM dba_network_acl_privileges;

🎯 Final Result

With these ACL entries in place, the user TEST can now successfully call:

CALL DBMS_DEBUG_JDWP.CONNECT_TCP('10.1.1.1', '62918');

No more ORA-24247 errors! 🎉


🛡️ Best Practices

  • Grant ACL privileges only to required users.
  • Be cautious with PUBLIC access.
  • Use specific host and port ranges instead of wildcards.
  • Review ACL entries regularly for security audits.
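
An audit query for the review recommended above, added here as an example and not part of the original post: it joins the two dictionary views queried earlier and lists granted entries that are open to PUBLIC, use a wildcard host, or carry no port range. The flag column names are invented for this example; the closing block revokes the optional PUBLIC grant from step 2 with DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE.

```sql
-- Added example: list ACL grants that conflict with the best practices above.
-- Flag column names (public_grant, wildcard_host, any_port) are illustrative.
SELECT a.acl,
       a.host,
       a.lower_port,
       a.upper_port,
       p.principal,
       p.privilege,
       -- Grant applies to every database user
       CASE WHEN p.principal = 'PUBLIC' THEN 'Y' ELSE 'N' END AS public_grant,
       -- Host is '*', '*.example.com', '10.1.*' or similar
       CASE WHEN a.host LIKE '%*%' THEN 'Y' ELSE 'N' END AS wildcard_host,
       -- No port range on a non-resolve privilege means all ports
       CASE WHEN a.lower_port IS NULL AND p.privilege <> 'resolve'
            THEN 'Y' ELSE 'N' END AS any_port
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p
       ON p.acl = a.acl
WHERE  LOWER(p.is_grant) = 'true'
AND   (    p.principal = 'PUBLIC'
        OR a.host LIKE '%*%'
        OR (a.lower_port IS NULL AND p.privilege <> 'resolve') )
ORDER  BY a.host, a.lower_port, p.principal;

-- If step 2 was applied and is no longer needed, remove the PUBLIC grant
-- from the ACL created in this post and keep only the TEST user's privileges.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(
    acl       => 'debug_acl.xml',
    principal => 'PUBLIC',
    is_grant  => TRUE,
    privilege => 'connect'
  );
END;
/

COMMIT;
```

With only steps 1, 3 and 4 applied, the query returns no rows for debug_acl.xml; after step 2 it returns the PUBLIC connect grant on 10.1.1.1 port 62918.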

Got questions or need help automating ACL configuration with a script or Ansible? Drop a comment or reach out! 🚀
