There is one other restriction to ACL's that is NOT documented, I had to open a TAR to find this one. If specifying a port range the upper port must be higher than the lower port and that difference cannot exceed 9000. I was asked by one of our developers to open an acl from port 80 to 10960 so that he could access a web server in the company as well as a TIBOC web service. The acl creation went without an error, but when he tried to access TIBCO it would not allow him, giving back an out of range message. Dick Goulet Senior Oracle DBA/NA Team Lead PAREXEL International -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Christoph Sent: Friday, August 20, 2010 4:40 PM To: oracle-l@xxxxxxxxxxxxx Subject: Re: Access Control Lists in 11g Alright, now I've answered at least one of my own questions. I have located the Oracle documentation explaining that you can only have on ACL per host (see Usage Notes at http://download.oracle.com/docs/cd/E11882_01/appdev.112/e10577/d_network acl_adm.htm#BABDIGJC) Now I still would like to know how I can add a user who to have access to only one host, when the host's ACL is assigned to multiple hosts. Thanks! -- "Men do not quit playing because they grow old; they grow old because they quit playing." - Justice Oliver Wendell Holmes -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l