When running into ACL issues, you might have to rerun the grants.ddl. This file is part of the DB install kit. This dll will allow the user to drop the ACL and then recreate it.
The syntax is:
sqlplus -L %GT_SYS_USER%/%GT_SYS_PASSWORD%%GT_TNS% @grants.ddl %GT_REP_USER% %GT_REP_USER_UC% >> repository.log
%GT_SYS_USER% is the system user
%GT_TNS% TNS alias for target database
% GT_REP_USER% is the repository user
%GT_REP_USER_UC% is the repo user in Uppercase
Note: There is no way to bypass the use of ACLs. ACL were introduced from Oracle 11g to remove a security risk to the database. Connect and resolve privileges will be needed for our repository.
The link "Fine grained access to network services 11g -> Assign an ACL to a network" provides detailed information about ACLs. Our grants.ddl uses * when assigning the ACL to the host. This would allow the ACL to resolve network addresses using UTL_INADDR
Note: It is believed that our product does not use the following APIs (
For now, it is suggested that these two ACLs resolve1.xml and resolve2.xml be created.
- The first one is assigned to hostname like DEV01-main*
- The second one is assigned to the subnet where the server is hosted like 192.168.*.*
The ACL should be created by the repository owner. The IP address would be the machine where the repository is installed. The hostname needs to be included as well. If uppercase and lowercase hostnames are considered different entities, then you would need to include both upper and lower cases.
As discussed to get the hostname, please run:
select SYS_CONTEXT ('USERENV','SERVER_HOST') from dual
You can also use the following query:
SELECT DISTINCT upper (instance_name),
( CASE instr (UTL_INADDR.get_host_address (host_name),'%')
WHEN 0 then UTL_INADDR.get_host_address (host_name)
ELSE substr (UTL_INADDR.get_host_address (host_name), 1, instr (UTL_INADDR.get_host_address (host_name),'%') -1 )
END ) ip_address
This will give you the hostname you can run:
SELECT host_name FROM gv$instance