3.3.2 Limit access via procedures, views and triggers

Information

Sybase ASE supports views and stored procedures as security mechanisms, allowing a user
(role or group) to be granted permission on a view or on a stored procedure even if they
have no permissions on objects the view or procedure references.

Rationale:

By defining different views and stored procedures and selectively granting permissions on
them, a user (or any combination of users) can be restricted to different subsets of data
allowing for a granular implementation of security requirements.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

1. Identify the subsets of data that should be accessible to particular users. Implement views and triggers as described in Sybase ASE System Administration Guide, Volume 1, chapter 17.

See Also

https://workbench.cisecurity.org/files/1612