Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Only authorized users should be granted access to Analysis Services data sources.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15180 | DM6193-SQLServer9 | SV-25499r1_rule | ECAN-1 | Medium |
| Description |
|---|
| Access control applied to data sources controls user access to remotely defined systems using the authentication and authorizations defined for the data source. Unauthorized access to the data source in turn provides unauthorized access to remote systems. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13828r1_chk ) |
|---|
| From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. For each Analysis Services database: a. Expand the database b. Expand Roles c. For each role listed: i. Right-click on the role ii. Select Properties iii. Select the Data Sources page Review the list of data sources listed for the role against authorized roles in the System Security Plan. If access to any unauthorized data sources is assigned to the role, this is a Finding. If documentation does not exist or is insufficient to determine authorized access, this is a Finding. |
| Fix Text (F-14849r1_fix) |
|---|
| Document all roles authorized to access data sources in the System Security Plan. Remove any unauthorized data sources from roles. |