Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2463 | DM1760-SQLServer9 | SV-23804r1_rule | ECLP-1 | Medium |
Description |
---|
Data Definition Language (DDL) commands include CREATE, ALTER, and DROP object actions. These actions cause changes to the structure, definition and configuration of the DBMS as well as to the objects themselves that can affect any or all operations of the database. Such privileged actions, when not restricted to authorized persons and activities, can lead to a compromise of data and DBMS availability. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Database Security Technical Implementation Guide | 2015-04-03 |
Check Text ( None ) |
---|
None |
Fix Text (F-14854r1_fix) |
---|
Revoke DDL permissions from unauthorized accounts with the REVOKE command: From the query prompt: USE [database name] REVOKE [permission] FROM [user name] Document required DDL permission grants in the System Security Plan and authorize with the IAO. |