DBMS privileges to restore database data or other DBMS configurations, features or objects should be restricted to authorized DBMS accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15107 | DG0063-ORACLE10 | SV-24634r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Unauthorized restoration of database data, objects, or other configuration or features can result in a loss of data integrity, unauthorized configuration, or other DBMS interruption or compromise. |
| STIG | Date |
|---|---|
| Oracle 10 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-24213r1_chk ) |
|---|
| Review DBMS accounts with elevated permissions (accounts granted ROLE permissions, DBA accounts, SCHEMA accounts, etc.). If any accounts are not documented and authorized for RESTORE permissions, this is a Finding. |
| Fix Text (F-2869r1_fix) |
|---|
| Utilize DBMS roles that are authorized for database restore functions. Restrict assignment of restore privileges. Assign DBMS restoration roles only to authorized DBMS accounts. Document assignments in the System Security Plan. |