3.1.1 Set an appropriate default database for all users

Information

It is recommended that no users except those who have the sa_role or sso_role are
assigned a default database of master, since this database stores all system tables.

Rationale:

As a general best practice recommendation, all standard users should be associated with a
specific home database other than master.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Connect to the ASE server as a user that has select permission on syslogins (e.g a
user with the sa_role) and execute the following SQL statement to retrieve the list
of users that currently have a default database of master:

use master

select name, dbname from syslogins where dbname = 'master'

2. For each user that has a default database of master, that does not have the sa_role
and/or the sso_role (role membership can be determined via the
sp_displaylogin stored procedure), execute the following SQL statement to modify
their default database. <Login> should be substituted for the appropriate username
and <Database> for the new default database to be set.

exec sp_modifylogin <Login>, defdb, <Database>

See Also

https://workbench.cisecurity.org/files/1612