Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15178 | DM6070-SQLServer9 | SV-23855r1_rule | ECLP-1 | Medium |
Description |
---|
Role privileges required by replication include full privileges to the databases with replicated objects. Restrict replication database db_owner role memberships and the system distribution database replmonitor database role membership to authorized replication agent accounts that require access to the database. Unauthorized access can provide unintentional or malicious users greater opportunity to exploit replication access. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Check Text ( None ) |
---|
None |
Fix Text (F-14829r1_fix) |
---|
Revoke role membership for unauthorized accounts granted replication role memberships: USE [database name]; EXEC sp_droprolemember '[replmonitor or db_owner]', '[account name]'; |
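
The finding carries no check text, so the following query is an added example (not part of the STIG) of one way to list the role memberships the description asks you to restrict. It uses catalog views available in SQL Server 2005; the account name in `@authorized` is a constructed placeholder to be replaced with the site's documented replication agent accounts.

```sql
-- Added example, not STIG text.
-- Step 1: identify the databases that take part in replication.
SELECT name, is_published, is_subscribed, is_merge_published, is_distributor
FROM sys.databases
WHERE is_published = 1
   OR is_subscribed = 1
   OR is_merge_published = 1
   OR is_distributor = 1;

-- Step 2: run the rest of this script in each database returned above
-- (USE [database name] first). The distribution database is where the
-- replmonitor role exists.

-- Constructed placeholder: replace with the authorized replication agent accounts.
DECLARE @authorized TABLE (member_name sysname PRIMARY KEY);
INSERT INTO @authorized (member_name) VALUES (N'EXAMPLE\svc_repl_agent');

-- Members of db_owner or replmonitor that are not on the authorized list.
SELECT DB_NAME()   AS database_name,
       r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
LEFT JOIN @authorized AS a
  ON a.member_name = m.name
WHERE r.name IN (N'db_owner', N'replmonitor')
  AND m.name <> N'dbo'          -- dbo is a fixed member of db_owner and cannot be dropped
  AND a.member_name IS NULL     -- keep only accounts missing from the authorized list
ORDER BY r.name, m.name;
```

Each row returned is a candidate for the revocation in the fix text once it is confirmed that the account is not a documented replication agent account.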