3.2.1 Review use of the guest user in databases

Information

Adding a guest entry to the sysusers table of any database effectively permits any database
user to use the database with the permissions of the guest user (which by default inherits
the permissions of the public role).

Rather than using the guest user it is recommended that roles be set up within Sybase ASE
to facilitate multiuser access to databases.

Rationale:

Adding a guest entry to a database goes against the security best practice principle of least
privilege and makes it harder to audit operations.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Identify the databases that contain a guest user.

2. Identify the users that access objects in these databases.

3. Either grant each user specific access to each database as required or create
appropriate roles and grant each role specific access to each database.

See Also

https://workbench.cisecurity.org/files/1612