Oracle 11gR1中细粒度接见会面网络服务(3)

作者: 黄永兵 理由:51CTO.com　
 

权限反省

处置会见控制列表视图外，还可以运用DBMS_NETWORK_ACL_ADMIN包中的CHECK_PRIVILEGE和CHECK_PRIVILEGE_ACLID函数来反省权限。

CONN sys/password@db11g AS SYSDBA
SELECT DECODE(
         DBMS_NETWORK_ACL_ADMIN.check_privilege('test_acl_file.xml', 'TEST1', 'connect'),
         1, 'GRANTED', 0, 'DENIED', NULL) privilege 
FROM dual;
PRIVILE
-------
GRANTED
1 row selected.
SQL> 
COLUMN acl FORMAT A30
COLUMN host FORMAT A30
SELECT acl,
       host,
       DECODE(
         DBMS_NETWORK_ACL_ADMIN.check_privilege_aclid(aclid, 'TEST2', 'connect'),
         1, 'GRANTED', 0, 'DENIED', NULL) privilege 
FROM   dba_network_acls;
PRIVILE
-------
DENIED
1 row selected.
SQL>

DBMS_NETWORK_ACL_UTILITY包包括了帮忙鉴定可以娶亲的域的函数，DOMAINS表函数按挨次前往通盘可以受影响的主机，域，ip所在或子网的堆积。

SELECT *
FROM   TABLE(DBMS_NETWORK_ACL_UTILITY.domains('oel5-11g.localdomain'));
COLUMN_VALUE
-------------------------------
oel5-11g.localdomain
*.localdomain
*
3 rows selected.
SQL>
SELECT *
FROM   TABLE(DBMS_NETWORK_ACL_UTILITY.domains('192.168.2.3'));
COLUMN_VALUE
-------------------------------
192.168.2.3
192.168.2.*
192.168.*
192.*
*
5 rows selected.
SQL>

DOMAIN_LEVEL函数前往主机，域，ip所在或子网的级数。

SELECT DBMS_NETWORK_ACL_UTILITY.domain_level('oel5-11g.localdomain')
FROM   dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('OEL5-11G.LOCALDOMAIN')
-------------------------------------------------------------
                                                            2
1 row selected.
SQL> 
SELECT DBMS_NETWORK_ACL_UTILITY.domain_level('192.168.2.3')
FROM   dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.2.3')
----------------------------------------------------
                                                   4
1 row selected.
SQL>

在为可以娶亲的主机，域，ip所在或子网盘问接见会面控制列表视图是这些函数可以极度有用。

SELECT host,
       lower_port,
       upper_port,
       acl,
       DECODE(
         DBMS_NETWORK_ACL_ADMIN.check_privilege_aclid(aclid,  'TEST1', 'connect'),
         1, 'GRANTED', 0, 'DENIED', null) PRIVILEGE
FROM   dba_network_acls
WHERE  host IN (SELECT *
                FROM   TABLE(DBMS_NETWORK_ACL_UTILITY.domains('10.1.10.191')))
ORDER BY 
       DBMS_NETWORK_ACL_UTILITY.domain_level(host) desc, lower_port, upper_port;
HOST                           LOWER_PORT UPPER_PORT ACL                            PRIVILE
------------------------------ ---------- ---------- ------------------------------ -------
10.1.10.*                                            /sys/acls/test_acl_file.xml    GRANTED
1 row selected.
SQL>

版权声明： 原创作品，允许转载，转载时请务必以超链接体例标明文章 原始理由 、作者信息和本声明。不然将究查法令责任。