
Object permission assignments should be authorized.


Overview

Finding ID: V-2457
Version: DM1715-SQLServer9
Rule ID: SV-23785r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
Securely designed applications require that database application user accounts have permissions to access and manipulate only the application data assigned to them in accordance with their job function. Access may be further restricted by granting data access to users only through execution of database procedures. Excess privileges can lead to unauthorized data access and can compromise data integrity.
STIG Date
Microsoft SQL Server 2005 Database Security Technical Implementation Guide 2015-04-03

Details

Check Text ( None )
None
Fix Text (F-20259r1_fix)
Revoke unauthorized permissions assigned to application user roles where supported by the DBMS vendor.

From the query prompt:

USE [database name]
REVOKE [permission] ON [object] FROM [group name]

Document assigned role permissions in the System Security Plan and authorize with the IAO.
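
One way to find the permissions the Fix Text refers to, as an added example that is not part of the STIG: the query below lists object-level grants from the SQL Server 2005 catalog views and builds a candidate REVOKE statement for each row, to be compared with the System Security Plan before anything is run. [database name] is the placeholder from the Fix Text, and the column aliases are chosen here for illustration.

```sql
-- Added example, not STIG text. Run in each application database.
USE [database name];   -- placeholder, as in the Fix Text

SELECT
    pr.name        AS grantee,            -- role, user or group holding the permission
    pr.type_desc   AS grantee_type,       -- DATABASE_ROLE, SQL_USER, WINDOWS_GROUP, ...
    pe.state_desc  AS permission_state,   -- GRANT or GRANT_WITH_GRANT_OPTION
    pe.permission_name,
    s.name         AS schema_name,
    o.name         AS object_name,
    o.type_desc    AS object_type,
    COL_NAME(pe.major_id, pe.minor_id) AS column_name,  -- NULL for whole-object grants
    -- Candidate statement for review only; nothing is executed by this query.
    'REVOKE ' + pe.permission_name COLLATE DATABASE_DEFAULT
        + ' ON ' + QUOTENAME(s.name) + '.' + QUOTENAME(o.name)
        + ISNULL(' (' + QUOTENAME(COL_NAME(pe.major_id, pe.minor_id)) + ')', '')
        + ' FROM ' + QUOTENAME(pr.name)
        -- A grant made WITH GRANT OPTION can only be revoked with CASCADE.
        + CASE WHEN pe.state = 'W' THEN ' CASCADE' ELSE '' END
        AS candidate_revoke
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.objects              AS o  ON o.object_id     = pe.major_id
JOIN sys.schemas              AS s  ON s.schema_id     = o.schema_id
WHERE pe.class = 1               -- OBJECT_OR_COLUMN permissions only
  AND pe.state IN ('G', 'W')     -- grants; DENY rows are not excess privilege
  AND o.is_ms_shipped = 0        -- skip objects shipped by Microsoft
ORDER BY pr.name, s.name, o.name, pe.permission_name;
```

Rows whose grantee and permission are documented and authorized by the IAO stay as they are; only the remainder are candidates for the REVOKE in the Fix Text.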