DBMS application user roles should not be assigned unauthorized privileges.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15128 | DG0105-ORACLE10 | SV-24704r1_rule | DCFA-1 | Medium |
| Description |
|---|
| Unauthorized access to the data can lead to loss of confidentiality and integrity of the data. |
| STIG | Date |
|---|---|
| Oracle Database 10g Instance STIG | 2014-04-02 |
Details
| Check Text ( C-1089r1_chk ) |
|---|
| Compare privileges assigned to database application user roles to those defined in the System Security Plan. If the assigned privileges do not match the authorized list of privileges, this is a Finding. |
| Fix Text (F-2557r1_fix) |
|---|
| Use the grant and revoke commands to assign the authorized privileges as listed in the System Security Plan to custom database application or application user roles. |