
Application user privileges should be restricted to assignment using application user roles.


Overview

Finding ID: V-15629
Version: DG0121-ORACLE10
Rule ID: SV-24753r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
Granting permissions to accounts is error prone and repetitive. Using roles allows for group management of privileges assigned by function and reduces the likelihood of wrongfully assigned privileges. Assign permissions to roles and then grant the roles to accounts.
STIG: Oracle 10 Database Instance STIG
Date: 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-3791r1_fix)
Revoke privileges assigned directly to database accounts and assign them to roles based on job functions.

Assign users who are assigned responsibility for the job function to the defined role.

From SQL*Plus:
revoke [privilege] on [object name] from [user name];
grant [privilege] on [object name] to [role name];
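
The finding ships with no check text, so the following is an added example (not part of the STIG) of one way to locate direct object grants to accounts and apply the fix to a single case. The names HR.EMPLOYEES, JSMITH and HR_CLERK_ROLE are constructed placeholders, and the list of excluded Oracle-supplied accounts is an assumption to adjust per site.

```sql
-- Added example; not part of the STIG text. HR.EMPLOYEES, JSMITH and
-- HR_CLERK_ROLE are constructed placeholders.

-- 1. Find object privileges granted directly to accounts.
--    Joining DBA_TAB_PRIVS to DBA_USERS keeps only grantees that are user
--    accounts, which drops roles and PUBLIC. The exclusion list of
--    Oracle-supplied accounts is an assumption: extend it for your site.
SELECT p.grantee, p.owner, p.table_name, p.privilege, p.grantable
  FROM dba_tab_privs p
  JOIN dba_users u ON u.username = p.grantee
 WHERE p.grantee NOT IN ('SYS', 'SYSTEM', 'DBSNMP', 'SYSMAN', 'OUTLN')
   AND p.grantee <> p.owner
 ORDER BY p.grantee, p.owner, p.table_name, p.privilege;

-- 2. Remediate one row from the result (constructed case: JSMITH holds
--    SELECT on HR.EMPLOYEES directly). The role is created and granted
--    before the direct privilege is revoked, so access is never missing
--    in between.
CREATE ROLE hr_clerk_role;
GRANT SELECT ON hr.employees TO hr_clerk_role;
GRANT hr_clerk_role TO jsmith;
REVOKE SELECT ON hr.employees FROM jsmith;

-- Caveats before revoking:
--   * A newly granted role is not enabled in sessions that are already
--     connected; the user must reconnect or issue SET ROLE.
--   * Privileges held through a role are not used when compiling views or
--     definer's-rights stored PL/SQL owned by the grantee. If the account
--     owns such objects, they will go invalid once the direct grant is gone.

-- 3. Verify: the account reaches the object only through the role.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'JSMITH';

SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'HR'
   AND table_name = 'EMPLOYEES'
 ORDER BY grantee, privilege;
-- After the fix, the second query should list HR_CLERK_ROLE and not JSMITH.
```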