UCF STIG Viewer Logo

Object permissions granted to PUBLIC should be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2589 DO3689-ORACLE11 SV-24573r1_rule DCFA-1 Medium
Description
Permissions on objects may be granted to the user group PUBLIC. Because every database user is a member of the PUBLIC group, granting object permissions to PUBLIC gives all users in the database access to that object. In a secure environment, granting object permissions to PUBLIC should be restricted to those objects that all users are allowed to access. The policy does not require object permissions assigned to PUBLIC by the installation of Oracle Database server components be revoked (with exception of the packages listed in DO3475).
STIG Date
Oracle 11 Database Instance STIG 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-26551r1_fix)
Revoke any privileges granted to PUBLIC for objects that are not owned by Oracle product accounts.

From SQL*Plus:

revoke [privilege name] from [user name] on [object name];

Assign permissions to custom application user roles based on job functions:

From SQL*Plus:

grant [privilege name] to [user role] on [object name];