Java permission on oracle RDS 19c

Question

Connected as the Master user in the oracle database 19c the following command fails:

`call dbms_java.grant_permission( '[MASTER]', 'SYS:java.util.PropertyPermission', 'javax.net.ssl.keyStore', 'write' );`

With the following error:

`Error starting at line : 13 in command -
call dbms_java.grant_permission( '[MASTER]', 'SYS:java.util.PropertyPermission', 'javax.net.ssl.keyStore', 'write' )
Error report -
ORA-29532: Java call terminated by uncaught Java exception: java.lang.SecurityException: policy table update SYS:java.util.PropertyPermission, javax.net.ssl.keyStore
ORA-06512: at "SYS.DBMS_JAVA", line 705
ORA-06512: at line 1
29532. 00000 -  "Java call terminated by uncaught Java exception: %s"
*Cause:    A Java exception or error was signaled and could not be
           resolved by the Java code.
*Action:   Modify Java code, if this behavior is not intended.`

I also tried checking the view: SELECT * FROM dba_java_policy where lower(name) like '%ssl%'

`GRANT	JMXSERVER	SYS	java.util.PropertyPermission	javax.net.ssl.*	read,write	ENABLED	55`

It seems like the MASTER user doesn't have permission to execute the command, any help?

Thanks!

Answer

This is similar to another post:
https://repost.aws/questions/QUTIDvqchUSCGjBK6WTK_8Tg/oracle-rds-grant-issue-for-java-protocol-handler-pkgs

Java implementation in Amazon RDS has a limited set of permissions. The master user is granted the RDS_JAVA_ADMIN role, which grants a subset of the privileges granted by the JAVA_ADMIN role. To list the privileges granted to the RDS_JAVA_ADMIN role, run the following query on your DB instance:

SELECT * FROM dba_java_policy 
   WHERE grantee IN ('RDS_JAVA_ADMIN', 'PUBLIC') 
   AND enabled = 'ENABLED' 
   ORDER BY type_name, name, grantee;

Source:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-options-java.html

Java permission on oracle RDS 19c

Relevant content