DG0116-ORACLE11 - Database privileged role assignments should be restricted to IAO-authorized DBMS accounts.

Information

Roles assigned privileges to perform DDL and/or system configuration actions in the database can lead to compromise of any data in the database as well as operation of the DBMS itself. Restrict assignment of privileged roles to authorized personnel and database accounts to help prevent unauthorized activity.

Solution

Create custom roles for each discrete application user / administrator function required for your database and assign the minimum privileges necessary to perform the function.

Assign custom roles to accounts.

Revoke assignment of predefined roles from accounts where not documented in the System Security Plan and authorized by the IAO.
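
The three steps above as one SQL*Plus session, given here as an added example rather than text from the STIG. The role `app_report_reader`, the account `report_user` and the table `app_owner.orders` are hypothetical, and the list of predefined roles and excluded Oracle-maintained accounts is an assumption to be adjusted to the System Security Plan.

```sql
-- Added example. Run as an account that can read the DBA_* views
-- and administer roles.

-- Review: predefined roles granted directly to accounts.
-- Grantees that are themselves roles are filtered out so that only
-- accounts are listed. The role list and the SYS/SYSTEM exclusion are
-- assumptions; compare the output against the System Security Plan.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('DBA', 'RESOURCE', 'CONNECT',
                        'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE')
AND    grantee NOT IN (SELECT role FROM dba_roles)
AND    grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY grantee, granted_role;

-- Step 1: create a custom role for one discrete function and grant it
-- only the privileges that function needs (hypothetical names).
CREATE ROLE app_report_reader;
GRANT CREATE SESSION TO app_report_reader;
GRANT SELECT ON app_owner.orders TO app_report_reader;

-- Step 2: assign the custom role to the account.
GRANT app_report_reader TO report_user;

-- Step 3: revoke predefined roles that are not documented in the
-- System Security Plan and authorized by the IAO.
REVOKE RESOURCE FROM report_user;
REVOKE CONNECT  FROM report_user;

-- Verify: the account should now hold only the custom role, and the
-- role should carry only the privileges granted above.
SELECT granted_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'REPORT_USER';

SELECT privilege
FROM   dba_sys_privs
WHERE  grantee = 'APP_REPORT_READER';

SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'APP_REPORT_READER';
```

Rows with `ADMIN_OPTION = 'YES'` in the review query deserve particular attention, because those accounts can grant the role onward to others.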

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(7), CAT|II, Rule-ID|SV-24723r2_rule, STIG-ID|DG0116-ORACLE11, Vuln-ID|V-15626

Plugin: OracleDB

Control ID: 5972568a2366d904fef9ded780fd7213ddde2fbd8a77d68ad7c47cd204f3dfbf