Access Control Lists in 11g

  • From: Christoph <cruepprich@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Fri, 20 Aug 2010 14:53:40 -0500

Hi all,
As I was experimenting and learning about creating ACLs, I came across
this issue:
I created an ACL, acl_1, and assigned it to a host, host_1.

The table dba_network_acls showed the following:

HOST LOWER_PORT UPPER_PORT ACL                         ACLID
/sys/acls/acl_1.xml   8E46769AA13863BCE040320A58064404

Then I created another ACL, acl_2, and assigned it also to host_1.
When I checked dba_network_acls I saw:

HOST LOWER_PORT UPPER_PORT ACL                         ACLID
/sys/acls/acl_2.xml   8E46769AA13863BCE040320A58064404

acl_2 replaced acl_1!

I assume that this is Oracle's normal behavior, but I haven't found
anything in the documentation that hints at the fact that when you
assign a second ACL to a host that already has an ACL assignment, the
first ACL assignment gets replaced by the second.
Is there a way to somehow allow two ACLs for a single host?

Consider this scenario:
acl_1 is assigned to host_1 and host_2.

Now I want a particular user to only have access to host_1. If
I add the user to acl_1, then the privileges for that user will be in
effect for host_1 and host_2.

How can I have this new user only have access to host_1?


"Men do not quit playing because they grow old; they grow old because
they quit playing."
- Justice Oliver Wendell Holmes
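
An added example, not part of the original post: since a host carries one ACL assignment at a time, one way to handle the scenario above is a dedicated ACL for host_1 that holds both the existing principals and the extra user, while host_2 stays on acl_1. APP_USER, NEW_USER and acl_host_1.xml are hypothetical names, and the 'connect' privilege is an assumption about what the users need.

```sql
-- Added example; APP_USER and NEW_USER are hypothetical principals and
-- acl_host_1.xml is a hypothetical ACL name. Run as a user with
-- EXECUTE on DBMS_NETWORK_ACL_ADMIN.
BEGIN
  -- Starting point from the post: acl_1 covers host_1 and host_2.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'acl_1.xml',
    description => 'Shared ACL for host_1 and host_2',
    principal   => 'APP_USER',
    is_grant    => TRUE,
    privilege   => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'acl_1.xml', host => 'host_1');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'acl_1.xml', host => 'host_2');

  -- Dedicated ACL for host_1: carry over the existing principal first,
  -- then add the user who should reach host_1 only.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'acl_host_1.xml',
    description => 'host_1 only',
    principal   => 'APP_USER',
    is_grant    => TRUE,
    privilege   => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'acl_host_1.xml',
    principal => 'NEW_USER',
    is_grant  => TRUE,
    privilege => 'connect');

  -- Re-pointing host_1 replaces its acl_1 assignment (the behaviour seen
  -- in the post); host_2 stays on acl_1, which NEW_USER is not in.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'acl_host_1.xml', host => 'host_1');
  COMMIT;
END;
/

-- Check which ACL each host ended up with, and who is granted what.
SELECT host, lower_port, upper_port, acl
  FROM dba_network_acls
 ORDER BY host;

SELECT acl, principal, privilege, is_grant
  FROM dba_network_acl_privileges
 ORDER BY acl, principal;
```

Principals that must keep access to host_1 have to be present in the new ACL before the reassignment, otherwise they lose that access at the moment host_1 is re-pointed.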
