Network Access Control List (ACL) ------------------------------------------------------------------------------------------------------------------------------------ * To disable the functionality of ACL (i.e. revert back to pre-11g behavior, or almost): begin dbms_network_acl_admin.create_acl ( acl => 'all-network-PUBLIC.xml', description => 'Network connects for all', principal => 'PUBLIC', is_grant => true, privilege => 'connect' ); dbms_network_acl_admin.add_privilege ( acl => 'all-network-PUBLIC.xml', principal => 'PUBLIC', is_grant => true, privilege => 'resolve', ); dbms_network_acl_admin.assign_acl ( acl => 'all-network-PUBLIC.xml', host => '*'); end; / Note that you cannot drop all the ACLs as shown in dba_network_acls and expect to achieve the same effect, because within a PL/SQL stored program, some "hidden" ACL will still block you. You check by --drop all ACLs one by one, all-network-PUBLIC.xml as an example name here exec dbms_network_acl_admin.drop_acl('all-network-PUBLIC.xml') --procedures in dbms_network_acl_admin need explicit commit commit; --make sure no rows selected by this query select * from dba_network_acls; --either make sure public is allowed to run utl_http or grant execute privilege to a user select grantee from dba_tab_privs where table_name = 'UTL_HTTP'; --connect to a non-sys user such as system and access google.com from a procedure conn system create or replace procedure test_acl as x varchar2(4000); begin select utl_http.request('http://www.google.com') into x from dual; end; / SQL> exec test_acl BEGIN test_acl; END; * ERROR at line 1: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-24247: network access denied by access control list (ACL) ORA-06512: at line 1 ORA-06512: at "SYSTEM.TEST_ACL", line 4 ORA-06512: at line 1 If you really want nothing in dba_network_acls instead of creating an ACL that allows everything, then (1) create the procedure in sys instead of system, or (2) create it in the non-sys account but with invoker's right (add "authid current_user" in the definition), or (3) run the code as anonymous PL/SQL instead of a stored procedure Ref: https://community.oracle.com/message/14245981 ------------------------------------------------------------------------------------------------------------------------------------ * Disable ACL on JDWP (Java Debug Wire Protocol) SQL Developer Debugger Raises ACL Error Against 12 Database (Doc ID 1627194.1) Solution: begin dbms_network_acl_admin.append_host_ace (host => '*', lower_port => null, upper_port => null, ace => xs$ace_type(privilege_list => xs$name_list('jdwp'), principal_name => '*', principal_type => xs_acl.ptype_db) ); end; / ------------------------------------------------------------------------------------------------------------------------------------ * Data dictionary Query dba_network_acls and dba_network_acl_privileges: col host for a30 col acl for a35 col start_date for a40 col end_date for a6 col principal for a25 select * from dba_network_acls order by acl; select * from dba_network_acl_privileges; Sys.net$_acl shows allowed port ranges (12c has documented dba_host_aces, dba_host_acls). ACL description is seen in xdb.xdb$acl, or xds_acl. But a query of xdb.xdbacl_path_tab will throw error ORA-30967 (operation directly on the Path Table is disallowed). You can find out what users currently need access to the network related packages (i.e. need ACLs opened for them): col referenced_name for a20 select referenced_name, type, owner, name from dba_dependencies where referenced_name in ('UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR') and owner not in ('SYS','PUBLIC','ORDPLUGINS','ORACLE_OCM','MDSYS') order by 1, 2, 3; ------------------------------------------------------------------------------------------------------------------------------------ * Event According to Oracle document SRDC - How to Collect Standard Information for Access Control Lists (ACLs) (Doc ID 1905572.1) or Vlad Visan-Oracle's message at https://community.oracle.com/message/13756725 event 10937 at level 7 will help debug network ACLs (in spite of the description in `oerr ora 10937' as "tracing of PL/SQL packages"). For example, alter session set events '10937 trace name context forever, level 7'; select utl_http.request('http://www.google.com') from dual; alter session set events '10937 trace name context off'; The trace file will contain lines like psdnop: SYSTEM 5 2 www.google.com:80 psdnop: granted as XDB priv user where the user for the session is SYSTEM with user ID 5 and he is trying to access www.google.com at port 80 and the access is granted. If it was denied, the last line would be "psdnop: not granted" instead. The Oracle function responsible for this event is psdnop. Other functions related to network ACLs are psdnopCheckAcl (12c only), psdnopCheckPrivilege, etc. They all use event 10937. Event 10937 does not generate a trace file at least in 12cR2. But event 10590 (at level 14) does, if ACL is disabled. (Ref: 2298091.1)