OCP-1Z0-053-V12.02-7题

最新推荐文章于 2024-09-02 07:36:45 发布

原创最新推荐文章于 2024-09-02 07:36:45 发布 · 1w 阅读

1 ·

CC 4.0 BY-SA版权

OCP11g解析同时被 2 个专栏收录

870 篇文章

订阅专栏

OCP-1Z0-053

796 篇文章

订阅专栏

本文介绍如何使用Oracle的DBMS_NETWORK_ACL_ADMIN包创建网络访问控制列表(ACL)，实现数据库内部对外部网络资源的细粒度访问控制。通过设置用户权限，控制特定用户组连接到一个或多个主机。

7.You need to configure fine-grained access control to external network resources from within your

database. You create an access control list (ACL) using the DBMS_NETWORK_ACL_ADMIN package.

Which statement is true regarding the ACL created?

A. It is a list of remote database links stored in the XML file that are available to the users of the database.

B. It is a list of users and network privileges stored in the XML file according to which a group of users can connect to one or more hosts.

C. It is a list of users and network privileges stored in the data dictionary according to which a group of

users can connect to one or more hosts.

D. It is the list of the host names or the IP addresses stored in the data dictionary that can connect to your

database through PL/SQL network utility packages such as UTL_TCP.

Answer: B

答案解析：

参考：http://docs.oracle.com/cd/E11882_01/network.112/e36292/authorization.htm#DBSEG99983

The DBMS_NETWORK_ACL_ADMIN package provides the interface to administer the network Access Control List (ACL).

Create the Access Control List and Its Privilege Definitions

Use the DBMS_NETWORK_ACL_ADMIN.CREATE_ACL procedure to create the content of the access control list. It contains a name of the access control list, a brief description, and privilege settings for one user or role that you want to associate with the access control list. In an access control list, privileges for each user or role are grouped together as an access control entry (ACE). An access control list must have the privilege settings for at least one user or role.

Note:

You cannot import or export the access control list settings by using the Oracle Database import or export utilities such as Oracle Data Pump.

for example:

BEGIN

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (

acl => '

file_name

.xml',

description => '

file description

principal => '

user_or_role

is_grant => TRUE|FALSE,

privilege => 'connect|resolve',

start_date => null|

timestamp_with_time_zone

end_date => null|

timestamp_with_time_zone

);

END;

In this specification:

acl: Enter a name for the access control list XML file. Oracle Database creates this file relative to the /sys/acls directory in the XML DB Repository in the database. Include the .xml extension. For example:

acl => 'us-example-com-permissions.xml',
description: Enter a brief description of the purpose of this file. For example:

description => 'Network connection permission for ACCT_MGR role',
principal: Enter the first user account or role being granted or denied permissions. For example:

principal => 'ACCT_MGR',

Enter the name of the user account or role in case sensitive characters. For example, if the database stores the role name ACCT_MGR in all capital letters, entering it in mixed or lower case will not work. You can find the user accounts and roles in the current database instance by querying the DBA_USERSand DBA_ROLES data dictionary views. Typically, user names and roles are stored in upper-case letters.

If you want to enter multiple users or grant additional privileges to this user or role, use the DBMS_NETWORK_ACL.ADD_PRIVILEGE procedure (described next) after you have created this access control list XML file.
is_grant: Enter either TRUE or FALSE, to indicate whether the privilege is to be granted or denied. For example:

is_grant => TRUE,
privilege: Enter either connect or resolve. This setting is case sensitive, so always enter it in lowercase. For example:

privilege => 'connect',

The connect privilege grants the user permission to connect to a network service at an external host. The resolve privilege grants the user permission to resolve a network host name or an IP address.

A database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_SMTP, UTL_MAIL,UTL_HTTP, the DBMS_LDAP package, and the HttpUriType type. To resolve the host name that was given a host IP address, or the IP address that was given a host name, with the UTL_INADDR package, grant the database user the resolve privilege instead.

start_date: (Optional) Enter the start date for the access control entry (ACE), in TIMESTAMP WITH TIME ZONE format (YYYY-MM-DD HH:MI:SS.FF TZR). When specified, the access control entry will be valid only on or after the specified date. The default is null. For example, to set a start date of February 28, 2008, at 6:30 a.m. in San Francisco, California, U.S., which is in the Pacific time zone:
start_date => '2008-02-28 06:30:00.00 US/Pacific',

The NLS_TIMESTAMP_FORMAT initialization parameter sets the default timestamp format.
end_date: (Optional) Enter the end date for the access control entry (ACE), in TIMESTAMP WITH TIME ZONE format (YYYY-MM-DD HH:MI:SS.FF TZR). When specified, the access control entry expires after the specified date. The end_date setting must be greater than or equal to the start_date setting. The default is null.

For example, to set an end date of December 10, 2008, at 11:59 p.m. in San Francisco, California, U.S., which is in the Pacific time zone:

end_date => '2008-12-10 23:59:00.00 US/Pacific');