5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'

Information

The Oracle database WITH_ADMIN privilege allows the designated user to grant another user the same privileges. Unauthorized grantees should not have that privilege.

Rationale:

Assignment of the WITH_ADMIN privilege can allow the granting of a restricted privilege to an unauthorized user.

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE <privilege> FROM <grantee>;

See Also

https://workbench.cisecurity.org/benchmarks/13413