5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'

Information

The Oracle database SELECT ANY TABLE privilege allows the designated user to open any table, except SYS to view it. Unauthorized grantees should not have that privilege.

Assignment of the SELECT ANY TABLE privilege can allow the unauthorized viewing of sensitive data.

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE SELECT ANY TABLE FROM <grantee>;

See Also

https://workbench.cisecurity.org/benchmarks/11760

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OracleDB

Control ID: 94f3adcec371eb1a49366270d1f80819bb9388cbcbb532b84b6e8fb6e7416bcd