DG0063-ORACLE11 - DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts.

Information

Unauthorized restoration of database data, objects, or other configuration or features can result in a loss of data integrity, unauthorized configuration, or other DBMS interruption or compromise. Therefore, the capability to restore must be controlled. Typically, only database administrators will have permission to restore a database.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Utilize DBMS roles that are authorized for database restore functions.

Restrict assignment of restore privileges.

Assign DBMS restoration roles only to authorized DBMS accounts.

Document assignments in the System Security Plan.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24635r2_rule, STIG-ID|DG0063-ORACLE11, Vuln-ID|V-15107

Plugin: Windows

Control ID: 43cdafceea5b9038b7fcdc6f521c6f7e950221e91ec06f6e344b3717f7bf9d8a