Grant ACL to APPS account Oracle 11g


Grant ACL to APPS account Oracle 11g
 
1. Check if view dba_network_acls has any row. If yes, run below script to add privilege to APPS account:

DECLARE
acl_path VARCHAR2(4000);
BEGIN
SELECT acl INTO acl_path FROM dba_network_acls
WHERE host = '<SERVER NAME>' AND lower_port IS NULL AND upper_port IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(acl_path,'APPS','connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl_path,'APPS', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl_path,'APPS', TRUE, 'resolve');
END IF;
EXCEPTION
WHEN no_data_found THEN
-- below lines will create a ACL
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('apps.xml','ACL description', 'APPS', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('apps.xml','APPS', TRUE, 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('apps.xml','<SERVER NAME>');
END;
/

SQL> commit;


SQL> select * FROM dba_network_acls;
SQL> select * from dba_network_acl_privileges;

Below two queries should return 1:

SQL> select DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('/sys/acls/apps.xml','APPS','connect') from dual;

SQL> select DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('/sys/acls/apps.xml','APPS','resolve') from dual;

NOTE: If view dba_network_acls has no data. You will need to create ACL for the user:
SQL> show user
USER is "SYS"

BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('apps.xml','APPS acess for UTL', 'APPS', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'apps.xml', principal => 'APPS',is_grant => true, privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('apps.xml','<SERVER NAME>');
END;
/

Sometimes, the domain name makes difference. It does not hurt to add full name to the access list:

BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('apps.xml','SERVER_NAME.domain.com');
END;
/

SQL> commit;

NOTE:  If things does not work, you can start over by dropping entries in dba_network_acls.

SQL> begin
DBMS_NETWORK_ACL_ADMIN.DROP_ACL('apps.xml');
commit;
end;
/

Now dba_network_acls, dba_network_acl_privileges, net$_acl should have nothing on apps.xml and everything no ACL is cleaned up.
SQL> select * from dba_network_acls;
SQL> select * from dba_network_acl_privileges;
SQL> select * from net$_acl;

Could not get vmci driver version: The handle is invalid.

Could not get vmci driver version: The handle is invalid.

While starting VMWARE encountered below error :-

Could not get vmci driver version: The handle is invalid.
You have an incorrect version of driver "vmci.sys". Try reinstalling VMware Workstation.
Module DevicePowerOn power on failed.

SOLUTION :-

Search for in the base folder of installed VMWARE machine.

Example
If you have installed VNWARE in drive C and its machine e.g PROD1 in location E:\PROD1 then you need to go to PROD1 folder NOT on base VMWARE installed location.

Search for file named with extension .vmx
eg. PROD1.vmx
Open it with notepad


CHANGE below mentioned value
vmci0.present = "TRUE"
TO
vmci0.present = "FALSE"

Save and try to starting your machine.

ircntf.wft fails with: ITEM_TYPE ‘WFSTD’ is protected …


ircntf.wft fails with: ITEM_TYPE ‘WFSTD’ is protected …

Error message:
FAILED: file ircntf.wft on worker 1.

Access level: 20, Mode: UPGRADE
ITEM_TYPE ‘WFSTD’ is protected, no changes were saved.
ITEM_ATTRIBUTE ‘WFSTD/EVENTNAME’ is customized, no changes were saved.
ITEM_ATTRIBUTE ‘WFSTD/N’ is protected, no changes were saved.


Solution:
1. Run WFLOAD with FORCE option as the applmgr user:
$FND_TOP/bin/WFLOAD apps/<apps pwd> 0 Y FORCE $IRC_TOP/patch/115/import/US/ircntf.wft
2. Use adctrl hidden option #8, to skip the failed job.

Reference:
IRCNTF.WFT Fails During R12.1.1 Upgrade (Doc ID 1329530.1).
Oracle Support advice is to skip this error and complete the upgrade. This error should not impact any iRecruitment functionality apart from Generic Notifications in iRecruitment which is introduced in 12.1. Furthermore they suggest to apply Patch 9371492: IRCNTF.WFT FAILS DURING R12.1.1 UPGRADE. This isn’t possible during deployment of patch 6678700, so I run WFLOAD with the FORCE optio

lsnrctl: error while loading shared libraries: /u01/Oracle/product/11.2.0/dbhome_1/lib/libclntsh.so.11.1: cannot restore segment prot after reloc: Permission denied

lsnrctl: error while loading shared libraries: /u01/Oracle/product/11.2.0/dbhome_1/lib/libclntsh.so.11.1: cannot restore segment prot after reloc: Permission denied

When starting listener got error :-
[oracle@otm bin]$ lsnrctl
lsnrctl: error while loading shared libraries: /u01/Oracle/product/11.2.0/dbhome_1/lib/libclntsh.so.11.1: cannot restore segment prot after reloc: Permission denied

Solution :-
The sestatus command provides a configurable view into the status of SELinux.

You can use the command getenforce to see the current mode of SELinux. To disable SELinux temporarily you can use the command setenforce Permissive. In permissive mode the denials will still occur and will be logged but the operations will not be blocked. Permissive mode is the recommend mode by Oracle Support.

For permanent change

[root@otm ]# cd /etc
[root@otm ]# ls -alh grub.conf
lrwxrwxrwx 1 root root 22 Aug 25 16:25 grub.conf -> ../boot/grub/grub.conf
[root@otm etc]# cp grub.conf grub.conf_ORG
[root@otm etc]# ll grub*
lrwxrwxrwx 1 root root 22 Aug 25 16:25 grub.conf -> ../boot/grub/grub.conf
-rw------- 1 root root 865 Aug 25 17:04 grub.conf_ORG

vi grub.conf


To change from enforcing to permissive we will add enforcing=0 to end of the line beginning with kernel.
Example