My Oracle Support Banner

Database Service Firewall: Adding PDB after the Access Control List is Created Yields ORA-12506 (Doc ID 2448797.1)

Last updated on JULY 06, 2021

Applies to:

Oracle Net Services - Version 12.2.0.1 to 18.1.0.0.0 [Release 12.2 to 18.1]
Information in this document applies to any platform.

Symptoms

The Database Service Firewall is enabled at the instance.  A client has  been granted access.  An Access Control Entity or ACE has been created
for this specific client.
The client is successfully connecting to the PDB following the implementation.  In our example, it's called PDB1.
A new PDB is created in the CDB.  We'll call it PDB2.  Following the creation of the new PDB, our client can no
longer access PDB1 via the listener.  The client receives the following error:

ORA-12506: TNS: listener rejected connection based on service ACL filtering

It has been confirmed that this issue occurs in releases 12.2 and 18c.

 

STEP 1(@Server): Enable the Database Service Firewall on listener.ora.

Changes

New PDB (PDB2) has been created after the client has been granted access.   Now the client that was previously working is failing with:

ORA-12506: TNS: listener rejected connection based on service ACL filtering

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.