DG0008-ORACLE11 - Application objects should be owned by accounts authorized for ownership.

Information

Database object ownership implies full privileges to the owned object including the privilege to assign access to the owned objects to other subjects. Unmanaged or uncontrolled ownership of objects can lead to unauthorized object grants and alterations.

Solution

Document all authorized application object owner accounts.

Use only authorized application object owner accounts to install and maintain application database objects.

Revoke privileges to create, drop, replace or alter application objects from unauthorized application object owners.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, Rule-ID|SV-24592r2_rule, STIG-ID|DG0008-ORACLE11, Vuln-ID|V-15607

Plugin: OracleDB

Control ID: 32d2db075675c2cf0dcdfe72c86db78ec5a3abac76ce89b4f29a8f536d7ca961