SQL2-00-004300 - SQL Server must enforce access control policies to restrict the Alter any linked server permission to only authorized roles.

Information

The concept of least privilege must be applied to SQL Server processes, ensuring that the processes operate at privilege levels no higher than necessary to accomplish required organizational missions and/or functions. Organizations consider the creation of additional processes, roles, and SQL Server accounts as necessary to achieve least privilege. Organizations also apply least privilege concepts to the design, development, implementation, and operations of SQL Server and the OS.

Unauthorized access to sensitive data or SQL Server control may compromise the confidentiality of personnel privacy, threaten national security, compromise a variety of other sensitive operations, or lead to a loss of system control. Access controls are best managed by defining requirements based on distinct job functions and assigning access based on the job function assigned to the individual user.

SQL Server's 'Alter any linked server' permission is a high server-level privilege that must only be granted to individual administration accounts through roles. If the 'Alter any linked server' permission is granted to roles that are unauthorized to have this privilege, then this access must be removed.

Additionally, the permission must not be denied to a role, because that could disable a user's legitimate access via another role.

The fix for this vulnerability specifies the use of REVOKE. Be aware that revoking a permission that is currently denied to a role or user does not necessarily disable the permission. If the user or role can inherent the permission from another role, revoking the denied permission from the user or the first role can effectively enable the inherited permission.

Solution

Remove the 'Alter any linked server' permission access from the role that is not authorized by executing the following query:


REVOKE Alter any linked server TO <'role name'>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(3), CAT|II, CCI|CCI-003014, Rule-ID|SV-53765r4_rule, STIG-ID|SQL2-00-004300, Vuln-ID|V-41283

Plugin: MS_SQLDB

Control ID: ffa041bd53ad520963a4abc0642124981f8ce25e25340ebc225ab3f80c64d23e