UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Only authorized users should be granted access to Analysis Services data sources.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15180 DM6193-SQLServer9 SV-25499r1_rule ECAN-1 Medium
Description
Access control applied to data sources controls user access to remotely defined systems using the authentication and authorizations defined for the data source. Unauthorized access to the data source in turn provides unauthorized access to remote systems.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-04-03

Details

Check Text ( C-13828r1_chk )
From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. For each Analysis Services database:
a. Expand the database
b. Expand Roles
c. For each role listed:
i. Right-click on the role
ii. Select Properties
iii. Select the Data Sources page

Review the list of data sources listed for the role against authorized roles in the System Security Plan.

If access to any unauthorized data sources is assigned to the role, this is a Finding.

If documentation does not exist or is insufficient to determine authorized access, this is a Finding.
Fix Text (F-14849r1_fix)
Document all roles authorized to access data sources in the System Security Plan. Remove any unauthorized data sources from roles.