Skip to main content

How to resolve ORA-24247: Network Access Denied by ACL

🌐 ORA-24247: Network Access Denied by ACL in Oracle – Explained & Resolved

When working with Oracle debugging features like DBMS_DEBUG_JDWP, you might encounter the following error:

ORA-24247: Network access denied by access control list (ACL)
ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68
ORA-06512: at line 1

This blog will walk you through the cause and step-by-step resolution of this issue using Oracle Access Control Lists (ACLs).

❓ What Is Causing This Error?

  • ACL Restriction: The database user is trying to initiate a network connection (e.g., for debugging), but no ACL grants access to the specified IP and port.
  • Missing Privileges: The user may lack the connect or resolve privilege in the ACL linked to that host/port.

Example Failing Statement:

CALL DBMS_DEBUG_JDWP.CONNECT_TCP('10.1.1.1', '62918');

✅ Step-by-Step Solution

🔧 1. Create a New ACL

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'debug_acl.xml',
    description => 'ACL for debugging',
    principal   => 'TEST',
    is_grant    => TRUE,
    privilege   => 'connect'
  );
END;
/

🔐 2. (Optional) Add PUBLIC Privilege

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl         => 'debug_acl.xml',
    principal   => 'PUBLIC',
    is_grant    => TRUE,
    privilege   => 'connect'
  );
END;
/

Note: This step is optional and should be used with caution.

🌍 3. Assign the ACL to the Host and Port

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl         => 'debug_acl.xml',
    host        => '10.1.1.1',
    lower_port  => 62918,
    upper_port  => 62918
  );
END;
/

🔓 4. Add Resolve Privilege

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl        => 'debug_acl.xml',
    principal  => 'TEST',
    is_grant   => TRUE,
    privilege  => 'resolve'
  );
END;
/

💾 5. Commit the Changes

COMMIT;

🔍 Verifying ACL Configuration

📄 View Assigned ACLs:

SELECT acl, host, lower_port, upper_port
FROM dba_network_acls;

👤 View ACL Privileges:

SELECT acl, principal, privilege, is_grant
FROM dba_network_acl_privileges;

🎯 Final Result

With these ACL entries in place, the user TEST can now successfully call:

CALL DBMS_DEBUG_JDWP.CONNECT_TCP('10.1.1.1', '62918');

No more ORA-24247 errors! 🎉

🛡️ Best Practices

  • Grant ACL privileges only to required users.
  • Be cautious with PUBLIC access.
  • Use specific host and port ranges instead of wildcards.
  • Review ACL entries regularly for security audits.

Got questions or need help automating ACL configuration with a script or Ansible? Drop a comment or reach out! 🚀

Labels:

Comments

Post a Comment

Popular posts from this blog

🚀 Automating Oracle Database Patching with Ansible: A Complete Guide

Oracle database patching has long been the bane of DBAs everywhere. It's a critical task that requires precision, expertise, and often results in extended maintenance windows. What if I told you that you could automate this entire process, reducing both risk and downtime while ensuring consistency across your Oracle estate? 💡 In this comprehensive guide, I'll walk you through a production-ready Ansible playbook that completely automates Oracle patch application using OPatch. Whether you're managing a single Oracle instance or hundreds of databases across your enterprise, this solution will transform your patch management strategy! 🎯 🔥 The Challenge: Why Oracle Patching is Complex Before diving into the solution, let's understand why Oracle patching is so challenging: 🔗 Multiple dependencies : OPatch versions, Oracle Home configurations, running processes ⚠️ Risk of corruption : Incorrect patch application can render databases unusable ⏰ Downtime requirements : Da...
Post a Comment
Read more

🚀 DB BOT: Real-Time Oracle & GoldenGate Monitoring in Slack

In today's fast-paced DevOps environment, quick access to database metrics is essential. This blog will walk you through creating a Slack bot that provides real-time monitoring of Oracle databases and Golden Gate replication. With simple slash commands, your team can check tablespace usage, Flash Recovery Area status, and Golden Gate replication health directly in Slack. Project Overview Our "DB Bot" offers these key capabilities: Monitor tablespace usage across multiple Oracle databases Check Flash Recovery Area (FRA) status on multiple databases View GoldenGate process status across different servers List GoldenGate credential stores Monitor replication lag in GoldenGate Prerequisites Node.js v14+ Python 3.6+ Oracle client libraries (instantclient_21_19) Access to Oracle databases and GoldenGate servers A Slack workspace with permissions to add apps   Project Structure oracle-slack-bot...
1 comment
Read more

Oracle Golden Gate Bi-directional Replication Implementation Guide

Oracle GoldenGate (OGG) is a comprehensive software package for real-time data integration and replication in heterogeneous IT environments. Bi-directional replication enables organizations to maintain synchronized data across multiple data centers, providing high availability, disaster recovery, and load distribution capabilities. This detailed guide provides step-by-step instructions for implementing Oracle GoldenGate bi-directional replication between two Oracle databases. Architecture Overview In this setup, we'll configure: TestDC1 : Primary data center with TestDB1 TestDC2 : Secondary data center with TestDB2 Bi-directional sync : Changes flow in both directions with conflict resolution Step 1: Software Installation ⚠️ SERVER EXECUTION: Perform these steps on BOTH TestDC1 and TestDC2 servers Step 1.1: Download and Prepare Software First, create the necessary directory structure and prepare for installation: # Create directory for the software mkdir /data01/ogg_setup cd /d...
Post a Comment
Read more