Oracle RDBMS 220.127.116.11
SQL Developer 18.104.22.168
In our development environment, our development team would like to login using SQL Developer and run the debugger. There are 10 developers, with SQL Developer installed on their desktop. Anybody who connects as 'SCOTT' should be able to run the debugger on one of their procedures. The error ORA-24247 network access denied by access control list (ACL).
Each of these desktops is in the same domain.
I tried adding this ACE:
HOST => '*.my.domain',
lower_port => NULL,
upper_port => NULL,
ace => xs$ace_type (privilege_list => xs$name_list ('jdwp'),
principal_name => 'SCOTT',
principal_type => xs_acl.ptype_db));
The only thing that works is to hard code the IP address. I opened an Oracle SR and am told that an IP is required, it is not possible to use anything else.
I could see in a bigger shop than mine that this would be maintenance nightmare. If you carry your laptop around and log in at different locations, you'll still be in the same domain but have a different IP. Somebody gets a new workstation, there is a new IP. It seems crazy to me.
SQL Developer is meant to be Oracle's development tool, how can it be so hard to run the debugger!
"The connection works by "word matching" , so it takes your IP and tries to match it with what you have included in the ACLs.
That is why your IP works : the IP matches with what you have in the ACL.
When you try to use the "domain/host based ACL, the matching is done between your IP and domain/host which do not match ( numbers vs words/characters) .
You would think that the DNS would take care of the name translation for the ACL, but the connection does not reach the DNS server, it is abruptly stopped by the ACLs.
It was suggested that you implement IP based ACLs for each of the developers that need to use that debug tool."
Does anyone have a different insight into this? I feel like I'm missing something.