O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - Role assignments to users

Information

Strong access controls are critical to securing application data. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be employed by applications, when applicable, to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, domains) in the information system.

Consideration should be given to the implementation of an audited, explicit override of automated mechanisms in the event of emergencies or other serious events.

If the DBMS does not follow applicable policy when approving access it may be in conflict with networks or other applications in the information system. This may result in users either gaining or being denied access inappropriately and may be in conflict with applicable policy.

Solution

If Oracle Database Vault is in use, use it to configure the correct access privileges for each type of user.

If Oracle Database Vault is not in use, configure the correct access privileges for each type of user using Roles and Profiles.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11-2g_V2R3_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000213, Rule-ID|SV-219750r395499_rule, STIG-ID|O112-C2-002700, STIG-Legacy|SV-66581, STIG-Legacy|V-52365, Vuln-ID|V-219750

Plugin: OracleDB

Control ID: 469ce0f00f02307a1f2d17f0206c2b23d5aaff98c89f1f2484dbb63d44b64536