Database Service Firewall: Adding PDB after the Access Control List is Created Yields ORA-12506
(Doc ID 2448797.1)
Last updated on AUGUST 19, 2024
Applies to:
Oracle Database Cloud Exadata Service - Version N/A and laterOracle Cloud Infrastructure - Exadata Cloud Service - Version N/A and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Gen 2 Exadata Cloud at Customer - Version N/A and later
Information in this document applies to any platform.
Symptoms
The Database Service Firewall is enabled at the instance. A client has been granted access. An Access Control Entity or ACE has been created
for this specific client.
The client is successfully connecting to the PDB following the implementation. In our example, it's called PDB1.
A new PDB is created in the CDB. We'll call it PDB2. Following the creation of the new PDB, our client can no
longer access PDB1 via the listener. The client receives the following error:
ORA-12506: TNS: listener rejected connection based on service ACL filtering
It has been confirmed that this issue occurs in releases 12.2 and 18c.
STEP 1(@Server): Enable the Database Service Firewall on listener.ora.
Changes
New PDB (PDB2) has been created after the client has been granted access. Now the client that was previously working is failing with:
ORA-12506: TNS: listener rejected connection based on service ACL filtering
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |