UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DBMS application users should not be granted administrative privileges to the DBMS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15628 DG0119-SQLServer9 SV-55936r1_rule ECLP-1 Medium
Description
DBMS privileges to issue other than Database Manipulation Language (DML) commands provide means to affect database object configuration and use of resources. Application users do not require these privileges to complete non-administrative job functions. Where applications require administrative privileges to execute non-administrative functions, exploits of the application can lead to unauthorized administrative access to the DBMS.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-20524r4_chk )
Review privileges assigned to application roles in the database.

If any privileges other than SELECT, INSERT, UPDATE, DELETE or EXECUTE are assigned to application roles, this is a Finding.
Fix Text (F-24534r2_fix)
Revoke administrative privileges from application roles.

Do not allow Database Definition Language (DDL) or other administrative privileges for operation of the application, for example, do not create and drop database objects for temporary storage of data.

Consider, instead, the storage of temporary data in static database tables.