Lesson 6: Network access control rules with CMAN
Objective: Configure the Connection Manager to control access to your database server.
Network Access Control Rules with CMAN
To configure the Connection Manager to control access to your database server, complete the following steps:
- Configure values in the CMAN_RULES parameter.
- Route the client connection requests that you want to be subject to network access control rules to the database server through the Connection Manager.
Let us look at the CMAN_RULES section of the cman.ora file. There are four parameter fields in the RULES section:
- SRC (source) is the source hostname or IP address of the client.
- DST (destination) is the destination hostname or IP address (server).
- SRV (services) is the SID name of the database on the server.
- ACT (action) specifies whether the Connection Manager will accept or reject the incoming requests based on the three parameters above.
Following is an example of a CMAN_RULES section located in the cman.ora file on the dilbert server. It allows connections from the dilbert client to the raleigh server (only to the customer database) and to the rochester server (only to the product database):
CMAN_RULES=
  (RULE_LIST=
    (RULE=
      (SRC = dilbert)
      (DST = raleigh)
      (SRV = customer)
      (ACT = accept)
    )
    (RULE=
      (SRC = dilbert)
      (DST = rochester)
      (SRV = product)
      (ACT = accept)
    )
  )
As you can see, multiple rules can be defined within the RULE_LIST.
The first matched RULE is applied to the request. When CMAN_RULES exist, the Connection Manager adheres to the principle "that which is not expressly permitted is prohibited."
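The evaluation order described above (the first matched RULE applies, and a request that matches no RULE is refused) can be modeled with a short script that also flags rules which can never apply. This is an added example, not code from the original lesson or from Oracle; the third rule in the sample, the function names, and the literal string matching are assumptions made for illustration.

```python
import re

# Constructed sample: the page's two rules plus a hypothetical third rule that
# repeats the first rule's SRC/DST/SRV with ACT = reject, to show shadowing.
CMAN_ORA = """
CMAN_RULES=
  (RULE_LIST=
    (RULE=(SRC = dilbert)(DST = raleigh)(SRV = customer)(ACT = accept))
    (RULE=(SRC = dilbert)(DST = rochester)(SRV = product)(ACT = accept))
    (RULE=(SRC = dilbert)(DST = raleigh)(SRV = customer)(ACT = reject))
  )
"""

FIELD = re.compile(r"\(\s*(SRC|DST|SRV|ACT)\s*=\s*([^()\s]+)\s*\)", re.I)

def parse_rules(text):
    """Return the rules in file order as dicts keyed by SRC, DST, SRV, ACT."""
    rules = []
    # "(RULE=" opens a rule; "(RULE_LIST=" is skipped because of the "_LIST".
    for chunk in re.split(r"\(\s*RULE\s*=", text, flags=re.I)[1:]:
        rule = {key.upper(): value for key, value in FIELD.findall(chunk)}
        if set(rule) != {"SRC", "DST", "SRV", "ACT"}:
            raise ValueError(f"incomplete rule: {rule}")
        rules.append(rule)
    return rules

def evaluate(rules, src, dst, srv):
    """First matching rule decides; a request matching no rule is rejected."""
    # Assumption: literal string comparison, no wildcards or name resolution.
    for rule in rules:
        if (rule["SRC"], rule["DST"], rule["SRV"]) == (src, dst, srv):
            return rule["ACT"].lower()
    return "reject"

def shadowed(rules):
    """Indexes of rules that can never apply: an earlier rule has the same triple."""
    seen, dead = set(), []
    for index, rule in enumerate(rules):
        triple = (rule["SRC"], rule["DST"], rule["SRV"])
        if triple in seen:
            dead.append(index)
        seen.add(triple)
    return dead

if __name__ == "__main__":
    rules = parse_rules(CMAN_ORA)
    print(evaluate(rules, "dilbert", "raleigh", "customer"))  # first rule wins
    print(evaluate(rules, "dilbert", "raleigh", "product"))   # no rule matches
    print(shadowed(rules))
```

A shadowed reject rule such as the third one here is worth catching in review: whoever wrote it presumably expected it to block the connection, but the earlier accept rule is the one that applies.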
To implement any of the features included with CMAN, you will need to verify that your naming method is either centralized naming using Oracle Names or local naming.
The next lesson outlines how to use CMCTL to start and control Oracle Connection Manager.