The Analysis Services server role should be restricted to authorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15193 | DM6108-SQLServer9 | SV-25476r1_rule | ECLP-1 | Medium |
| Description |
|---|
| The Analysis Services server role grants server-wide security privileges to the assigned user. An unauthorized user could compromise database and analysis server data and operational integrity or availability. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13803r1_chk ) |
|---|
| If Analysis Services is not deployed on the local host, this check is Not a Finding. Note: To detect deployment, view Windows Services. If SQL Server Analysis Services ([instance name]) is not listed, then Analysis Services is not installed on this host. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. Select the Security page 5. View member names assigned to the server role If any assigned members are not included as authorized in the System Security Plan, this is a Finding. |
| Fix Text (F-14823r1_fix) |
|---|
| Remove unauthorized members from the Analysis Service instance. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. Select the Security page 5. Select any unauthorized user to remove 6. Click the Remove button 7. Click OK |