UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Oracle system privileges should not be directly assigned to unauthorized accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3439 DO0350-ORACLE10 SV-24533r1_rule ECLP-1 ECPA-1 Medium
Description
System privileges allow system-wide changes to the database or database objects. Unauthorized use of system privileges may jeopardize production applications, application data, or the database configuration and operation.
STIG Date
Oracle 10 Database Instance STIG 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-26514r1_fix)
Document and justify system privileges assigned to users/roles in the System Security Plan and authorize with the IAO.

Remove unauthorized or unjustified system privileges from user accounts or roles.

From SQL*Plus:

revoke [privilege] from [user or role name];

Replace [privilege] with the named privilege and [user or role name] with the identified user or role.