5.3.4 Ensure 'AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE'

Information

The Oracle database AUDIT_ADMIN enables you to create unified and fine-grained audit policies, use the AUDIT and NOAUDIT SQL statements, view audit data, and manage the audit trail administration. Grant this role only to trusted users. Unauthorized grantees should not have this role.

Rationale:

Assignment of the AUDIT_ADMIN role to an ordinary user can provide a great number of unnecessary privileges to that user and open the door to data breaches, integrity violations, and denial-of-service conditions.

Solution

To remediate this setting, execute the following SQL statement. If the role was granted in both the container database (CDB) and a pluggable database (PDB), connect to each of them and revoke it in both places.

REVOKE AUDIT_ADMIN FROM <grantee>;
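The following is an added example, not part of the benchmark text, that locates every grantee of AUDIT_ADMIN across all containers, filters out Oracle-maintained accounts and roles, and emits the matching REVOKE statement for each finding. It assumes Oracle 12c or later (for the ORACLE_MAINTAINED column) and a session connected to CDB$ROOT with access to the CDB_ views; AUDIT_MGR, PLACEHOLDER_USER and PDB_PLACEHOLDER are placeholder names.

```sql
-- Added example (not from the benchmark): enumerate AUDIT_ADMIN grantees in every
-- container and generate the remediation for each one that is not approved.
-- Assumes Oracle 12c+ (ORACLE_MAINTAINED column) and a session in CDB$ROOT.
WITH authorized AS (
    -- Placeholder allow list: replace with the accounts approved for this role.
    SELECT 'AUDIT_MGR' AS grantee FROM DUAL
)
SELECT a.grantee,
       a.granted_role,
       a.admin_option,
       a.common,                                   -- YES = granted CONTAINER=ALL
       DECODE(a.con_id, 0, 'All Containers',
              (SELECT b.name FROM v$containers b WHERE b.con_id = a.con_id)) AS container,
       'REVOKE AUDIT_ADMIN FROM "' || a.grantee || '";' AS remediation
FROM   cdb_role_privs a
WHERE  a.granted_role = 'AUDIT_ADMIN'
AND    a.grantee NOT IN (SELECT username FROM cdb_users WHERE oracle_maintained = 'Y')
AND    a.grantee NOT IN (SELECT role     FROM cdb_roles WHERE oracle_maintained = 'Y')
AND    a.grantee NOT IN (SELECT grantee  FROM authorized)
ORDER  BY container, a.grantee;

-- Remediation must run inside the container that holds the grant, so switch
-- into each container reported above, revoke, and repeat.
ALTER SESSION SET CONTAINER = CDB$ROOT;
REVOKE AUDIT_ADMIN FROM "PLACEHOLDER_USER";            -- local grant in the root

-- A common grant (COMMON = YES, made from the root with CONTAINER=ALL) is revoked
-- from the root with the same clause; a plain REVOKE in one PDB will not remove it.
REVOKE AUDIT_ADMIN FROM "C##PLACEHOLDER_USER" CONTAINER=ALL;

ALTER SESSION SET CONTAINER = PDB_PLACEHOLDER;         -- placeholder PDB name
REVOKE AUDIT_ADMIN FROM "PLACEHOLDER_USER";            -- local grant in the PDB

-- Verify: switch back to CDB$ROOT and re-run the query above; a compliant
-- database returns no rows.
ALTER SESSION SET CONTAINER = CDB$ROOT;
```

Grantees reported with CON_ID 0 or COMMON = YES need the CONTAINER=ALL form from the root; the others are fixed container by container.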

See Also

https://workbench.cisecurity.org/benchmarks/13413

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OracleDB

Control ID: 67a70a2930ce32c498ed5588ccc5aba1f85babc1c19edef27af9693ce68ad20d