7.9 Secure ACCESSCTRL Authority

Information

ACCESSCTRL authority is the authority required to grant and revoke privileges on objects within a specific database. These privileges include BINDADD, CONNECT, CREATETAB, CREATE_EXTERNAL_ROUTINE, LOAD, and QUIESCE_CONNECT. ACCESSCTRL carries no inherent privilege to access data stored in tables, except the catalog tables and views. The ACCESSCTRL authority cannot be granted to PUBLIC.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Revoke ACCESSCTRL authority from any unauthorized users.
REVOKE ACCESSCTRL ON DATABASE FROM USER <username>
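
To find out who currently holds the authority before revoking it, the following query can be run while connected to the database. It is an added example, not part of the benchmark text. It reads the SYSCAT.DBAUTH catalog view and builds one candidate REVOKE statement per grantee, using the keyword (USER, GROUP or ROLE) that matches the grantee type.

```sql
-- Added example (not from the benchmark): list every authorization ID that
-- holds ACCESSCTRL on the currently connected database, who granted it, and
-- the REVOKE statement that would remove it.
-- GRANTEETYPE in SYSCAT.DBAUTH is 'U' (user), 'G' (group) or 'R' (role).
SELECT
    RTRIM(GRANTEE) AS GRANTEE,
    CASE GRANTEETYPE
        WHEN 'U' THEN 'USER'
        WHEN 'G' THEN 'GROUP'
        WHEN 'R' THEN 'ROLE'
    END AS GRANTEE_KIND,
    RTRIM(GRANTOR) AS GRANTOR,
    -- Generated text only; nothing is revoked by running this query.
    'REVOKE ACCESSCTRL ON DATABASE FROM '
        || CASE GRANTEETYPE
               WHEN 'U' THEN 'USER '
               WHEN 'G' THEN 'GROUP '
               WHEN 'R' THEN 'ROLE '
           END
        || RTRIM(GRANTEE) AS REVOKE_STATEMENT
FROM SYSCAT.DBAUTH
WHERE ACCESSCTRLAUTH = 'Y'
ORDER BY GRANTEETYPE, GRANTEE;
```

Compare the result with the list of IDs approved to hold ACCESSCTRL and run only the generated statements for grantees that are not on it. A group or role row means every member holds the authority indirectly, so membership has to be reviewed as well.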

See Also

https://workbench.cisecurity.org/files/162