6.1.18 Secure SCHEMAADM Authority

Information

The SCHEMAADM (schema administration) role grants the authority to a user to perform administrative tasks on a specific schema. It is recommended that the SCHEMAADM authority be granted to authorized users only.

Rationale:

If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the database will be at increased risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Revoke this permission from any unauthorized users.

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => REVOKE SCHEMAADM ON SCHEMA <schema> FROM USER <username>

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 234e88bd0d01b79a1367c7feb49f9767a1db13116c1321e1dbaa89538420b873