Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Only authorized accounts should be assigned to one or more Analysis Services database roles.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15194 | DM6109-SQLServer9 | SV-25477r1_rule | ECAN-1 | Medium |
| Description |
|---|
| Unauthorized group membership assignment grants unauthorized privileges to database accounts. Unauthorized may lead to a compromise of data confidentiality or integrity. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13804r1_chk ) |
|---|
| If Analysis Services is not deployed on the local host, this check is Not a Finding. Note: To detect deployment, view Windows Services. If SQL Server Analysis Services ([instance name]) is not listed, then Analysis Services is not installed on this host. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Expand Databases 4. Repeat for each database: a. Click on each database role b. View the member list If any members are assigned database roles that are not documented in the System Security Plan, this is a Finding. |
| Fix Text (F-14824r1_fix) |
|---|
| Authorize and document all Analysis Services database role assignments in the System Security Plan. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Expand the Analysis Services instance 3. Expand Databases 4. Repeat for each database: a. Click on each database role b. Open the member list c. Select any unauthorized users d. Click the Remove button e. Click OK |