Information
Reviewing all roles periodically and eliminating unneeded roles as well as unneeded privileges from necessary roles helps minimize the privileges for each user.
Rationale:
Although role-based access control (RBAC) has many advantages for regulating access to resources, over time, some roles may no longer be needed, and some roles may grant privileges that are no longer needed.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Revoke specified privileges from the user-defined role on the database where the command is run. The revokePrivilegesFromRole command has the following syntax:
{
revokePrivilegesFromRole: '<role>',
privileges:
[
{ resource: { <resource> }, actions: [ '<action>', ... ] },
...
],
}