UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to DBMS system tables and other configuration or metadata should be restricted to DBAs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15631 DG0123-SQLServer9 SV-24309r1_rule ECAN-1 Medium
Description
Administrative data includes DBMS metadata and other configuration and management data. Unauthorized access to this data could result in unauthorized changes to database objects, access controls, or DBMS configuration.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-04-03

Details

Check Text ( C-28698r1_chk )
Review access controls on system tables.

Review access to configuration data stored in the database.

If any users not assigned DBA privileges are assigned access to the underlying tables, this is a Finding.
Fix Text (F-19562r1_fix)
Revoke access to system tables to non-DBA users.

Where use of system data is required by non-DBA users, provide controlled access for authorized functions via views, procedures, or other use of controlled objects.