DG0089-ORACLE11 - Developers should not be assigned excessive privileges on production databases.

Information

Developers play a unique role and represent a specific type of threat to the security of the DBMS. Where restricted resources prevent the required separation of production and development DBMS installations, developers granted elevated privileges to create and manage new database objects must also be prevented from actions that can threaten the production operation.

Solution

Revoke permissions and privileges that allow changes to the production system or production objects from developer accounts or authorize permissions and privileges for developer accounts in the System Security Plan.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|III, Rule-ID|SV-24395r1_rule, STIG-ID|DG0089-ORACLE11, Vuln-ID|V-15114

Plugin: OracleDB

Control ID: f33a5982387bde9f5db92d3f089a11a264a06222ef5e193be0df545b30d28eda