Information
The SCHEMAADM (schema administration) authority allows a user to perform administrative tasks on a specific schema. It is recommended that SCHEMAADM be granted to authorized users only.
Rationale:
If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the database will be at increased risk.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Revoke this permission from any unauthorized users.
Connect to the Db2 database.
db2 => connect to <dbname>
Run the following command:
db2 => REVOKE SCHEMAADM ON SCHEMA <schema> FROM USER <username>
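The review behind the revoke step can be scripted. The following is an added example, not part of the benchmark text: it compares SCHEMAADM holders against an approved list and builds the REVOKE statements for the rest. It goes beyond the USER case shown above by also handling GROUP and ROLE grantees. The function names, the approved list and the sample rows are hypothetical, and the rows are assumed to come from the SYSCAT.SCHEMAAUTH catalog view.

```python
# Added example: review SCHEMAADM holders and build REVOKE statements.
# Rows are assumed to come from a catalog query such as:
#   SELECT GRANTEE, GRANTEETYPE, SCHEMANAME FROM SYSCAT.SCHEMAAUTH
#   WHERE SCHEMAADMAUTH = 'Y'
# (check that the view exposes SCHEMAADMAUTH on your Db2 release).

# GRANTEETYPE codes in the catalog mapped to the REVOKE keyword.
GRANTEE_KEYWORD = {"U": "USER", "G": "GROUP", "R": "ROLE"}


def quote_ident(name):
    """Return a delimited identifier, doubling embedded double quotes.

    Schema names are data from the catalog; quoting them keeps a crafted
    name from changing the meaning of the generated statement.
    """
    return '"' + name.replace('"', '""') + '"'


def revoke_statements(rows, approved):
    """Build REVOKE statements for every holder not in the approved set.

    rows:     iterable of (grantee, granteetype, schemaname) tuples
    approved: set of (grantee, schemaname) pairs allowed to keep SCHEMAADM
    """
    statements = []
    for grantee, gtype, schema in rows:
        # Fixed-width catalog columns may come back space padded.
        grantee, gtype, schema = grantee.strip(), gtype.strip().upper(), schema.strip()
        if (grantee, schema) in approved:
            continue
        if gtype not in GRANTEE_KEYWORD:
            raise ValueError(f"unexpected GRANTEETYPE {gtype!r} for {grantee!r}")
        statements.append(
            f"REVOKE SCHEMAADM ON SCHEMA {quote_ident(schema)} "
            f"FROM {GRANTEE_KEYWORD[gtype]} {quote_ident(grantee)}"
        )
    return statements


if __name__ == "__main__":
    # Constructed sample rows, not output from a real database.
    sample = [("ALICE", "U", "SALES"), ("BOB     ", "U", "SALES"),
              ("DBA_ROLE", "R", "HR"), ("OPS", "G", 'ODD"NAME')]
    for stmt in revoke_statements(sample, approved={("ALICE", "SALES")}):
        print(stmt)
```

Review the generated statements before running them at the `db2 =>` prompt; the approved list is the record of who is authorized.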