DG0123-ORACLE11 - Access to DBMS system tables and other configuration or metadata should be restricted to DBAs.

Information

System tables and DBA views contain information such as user, system and data that could lead to unauthorized access. Revoke any privileges granted to non-DBA accounts that provide direct access to objects owned by SYS or access to DBA views (DBA_%).

Solution

Revoke unauthorized access to system tables and data.

From SQL*Plus:
revoke [object privilege] on [system object name] from [account name or role];

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, Rule-ID|SV-24772r2_rule, STIG-ID|DG0123-ORACLE11, Vuln-ID|V-15631

Plugin: OracleDB

Control ID: 88f613b9f0af40907b709d188f341ce28555651449420adbda431699f238c19d