Information
It is recommended that no users except those who have the sa_role or sso_role are
assigned a default database of master, since this database stores all system tables.
Rationale:
As a general best practice recommendation, all standard users should be associated with a
specific home database other than master.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
1. Connect to the ASE server as a user that has select permission on syslogins (e.g a
user with the sa_role) and execute the following SQL statement to retrieve the list
of users that currently have a default database of master:
use master
select name, dbname from syslogins where dbname = 'master'
2. For each user that has a default database of master, that does not have the sa_role
and/or the sso_role (role membership can be determined via the
sp_displaylogin stored procedure), execute the following SQL statement to modify
their default database. <Login> should be substituted for the appropriate username
and <Database> for the new default database to be set.
exec sp_modifylogin <Login>, defdb, <Database>