UCF STIG Viewer Logo

Only authorized accounts should be assigned to one or more Analysis Services database roles.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15194 DM6109-SQLServer9 SV-25477r1_rule ECAN-1 Medium
Description
Unauthorized group membership assignment grants unauthorized privileges to database accounts. Unauthorized may lead to a compromise of data confidentiality or integrity.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-13804r1_chk )
If Analysis Services is not deployed on the local host, this check is Not a Finding.

Note: To detect deployment, view Windows Services. If SQL Server Analysis Services ([instance name]) is not listed, then Analysis Services is not installed on this host.

From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. Right click on the Analysis Services instance
3. Expand Databases
4. Repeat for each database:
a. Click on each database role
b. View the member list

If any members are assigned database roles that are not documented in the System Security Plan, this is a Finding.
Fix Text (F-14824r1_fix)
Authorize and document all Analysis Services database role assignments in the System Security Plan.

From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. Expand the Analysis Services instance
3. Expand Databases
4. Repeat for each database:
a. Click on each database role
b. Open the member list
c. Select any unauthorized users
d. Click the Remove button
e. Click OK