7.16 Secure the DATAACCESS authority

Information

The DATAACCESS authority grants access to data. It allows the grantee to run DML-level commands, i.e., SELECT, INSERT, UPDATE, DELETE, and LOAD, and to EXECUTE any package or routine.

The DATAACCESS authority gives the grantee read access and also control over manipulating the data. DATAACCESS can be granted to users, groups, or roles, but not PUBLIC. DATAACCESS authority is a subset of the DBADM authority and can be granted by the SECADM authority.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Revoke DATAACCESS authority from any unauthorized users.
REVOKE DATAACCESS ON DATABASE FROM USER <username>
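
To decide which grantees to revoke, the current holders can be read from the Db2 catalog view SYSCAT.DBAUTH and compared with an approved list. The following is an added example, not part of the benchmark text; the table SECAUDIT.DATAACCESS_APPROVED and the sample grantee in it are hypothetical.

```sql
-- Added example. Assumption: SECAUDIT.DATAACCESS_APPROVED is a hypothetical
-- allowlist maintained by the security administrator (not a Db2 object).
CREATE TABLE SECAUDIT.DATAACCESS_APPROVED (
    GRANTEE     VARCHAR(128) NOT NULL,
    GRANTEETYPE CHAR(1)      NOT NULL,   -- 'U' = user, 'G' = group, 'R' = role
    PRIMARY KEY (GRANTEE, GRANTEETYPE)
);

-- Constructed sample entry: a role that is allowed to hold DATAACCESS.
INSERT INTO SECAUDIT.DATAACCESS_APPROVED VALUES ('ETL_BATCH_ROLE', 'R');

-- 1. Audit: every user, group, or role that currently holds DATAACCESS.
--    DBADMAUTH is shown for context, since DATAACCESS is a subset of DBADM.
SELECT RTRIM(GRANTEE) AS GRANTEE,
       CASE GRANTEETYPE
            WHEN 'U' THEN 'USER'
            WHEN 'G' THEN 'GROUP'
            WHEN 'R' THEN 'ROLE'
       END            AS GRANTEE_KIND,
       RTRIM(GRANTOR) AS GRANTOR,
       DBADMAUTH
FROM   SYSCAT.DBAUTH
WHERE  DATAACCESSAUTH = 'Y'
ORDER  BY GRANTEE_KIND, GRANTEE;

-- 2. Remediation worksheet: build one REVOKE statement per holder that is
--    not on the allowlist. Review the output before running any of it.
SELECT 'REVOKE DATAACCESS ON DATABASE FROM '
       || CASE d.GRANTEETYPE
               WHEN 'U' THEN 'USER '
               WHEN 'G' THEN 'GROUP '
               WHEN 'R' THEN 'ROLE '
          END
       || RTRIM(d.GRANTEE) AS REVOKE_STMT
FROM   SYSCAT.DBAUTH d
WHERE  d.DATAACCESSAUTH = 'Y'
  AND  NOT EXISTS (SELECT 1
                   FROM   SECAUDIT.DATAACCESS_APPROVED a
                   WHERE  a.GRANTEE     = d.GRANTEE
                     AND  a.GRANTEETYPE = d.GRANTEETYPE);
```

Because DATAACCESS cannot be granted to PUBLIC, the audit query only returns named users, groups, and roles; group and role rows still need their membership reviewed separately.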

See Also

https://workbench.cisecurity.org/files/1654