Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBA role should not be granted to unauthorized user accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2527 | DO3440-ORACLE11 | SV-24549r1_rule | ECLP-1 | Medium |
| Description |
|---|
| The DBA role is very powerful and access to it should be restricted. Verify that any database account granted the DBA role is explicitly authorized by the IAO. In addition to full access to database objects, access to the DBA role by unauthorized accounts may provide full access to the server. Verify that individual DBA accounts are created for each DBA and that the DBA accounts are used only for DBA functions. |
| STIG | Date |
|---|---|
| Oracle 11 Database Instance STIG | 2014-01-14 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-26521r1_fix) |
|---|
| Authorize and document all DBA role authorizations in the System Security Plan. Revoke DBA role membership from unauthorized accounts. Revoke DBA role membership from any accounts assigned to a developer job function on a shared production / development database. |