Dbms_network_acl_admin.remove_host_ace Fails with Error: ORA-01927 (Doc ID 1640921.1)

Last updated on OCTOBER 12, 2016

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.

Symptoms

On : 12.1.0.1 version, Database Security

When attempting to DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE,
the following error occurs.

ERROR
-----------------------

ORA-01927: cannot REVOKE privileges you did not grant


STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1) sqlplus / as sysdba

2) BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
  host => 'SMTP_OUT_SERVER_setting',
  lower_port => 25,
  ace => xs$ace_type(privilege_list => xs$name_list('smtp'),
  principal_name => 'FGA_ADMIN',
  principal_type => xs_acl.ptype_db));
  END;
  /

3) BEGIN
  DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE(
  host => 'SMTP_OUT_SERVER_setting',
  ace => xs$ace_type(privilege_list => xs$name_list('smtp'),
  principal_name => 'FGA_ADMIN',
  principal_type => xs_acl.ptype_db));
  END;
  /

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms