Information
The Schema ACCESSCTLR authority allows a user grant and revoke privileges within a specific schema. It is recommended that the Schema ACCESSCTRL authority be granted to authorized users only.
Rationale:
If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the database will be at increased risk.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Revoke this permission from any unauthorized users.
Connect to the Db2 database.
db2 => connect to <dbname>
Run the following command:
db2 => REVOKE ACCESSCTRL ON SCHEMA <schema> FROM USER <username>