Oracle system privileges should not be directly assigned to unauthorized accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3439 | DO0350-ORACLE10 | SV-24533r1_rule | ECLP-1 ECPA-1 | Medium |
| Description |
|---|
| System privileges allow system-wide changes to the database or database objects. Unauthorized use of system privileges may jeopardize production applications, application data, or the database configuration and operation. |
| STIG | Date |
|---|---|
| Oracle 10 Database Instance STIG | 2014-01-14 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-26514r1_fix) |
|---|
| Document and justify system privileges assigned to users/roles in the System Security Plan and authorize with the IAO. Remove unauthorized or unjustified system privileges from user accounts or roles. From SQL*Plus: revoke [privilege] from [user or role name]; Replace [privilege] with the named privilege and [user or role name] with the identified user or role. |