UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15107 DG0063-ORACLE11 SV-24635r2_rule ECLP-1 Medium
Description
Unauthorized restoration of database data, objects, or other configuration or features can result in a loss of data integrity, unauthorized configuration, or other DBMS interruption or compromise. Therefore, the capability to restore must be controlled. Typically, only database administrators will have permission to restore a database.
STIG Date
Oracle Database 11g Installation STIG 2014-12-16

Details

Check Text ( C-24212r1_chk )
Review DBMS accounts with elevated permissions (accounts granted ROLE permissions, DBA accounts, SCHEMA accounts, etc.).

If any accounts are not documented and authorized for RESTORE permissions, this is a Finding.
Fix Text (F-20422r1_fix)
Utilize DBMS roles that are authorized for database restore functions.

Restrict assignment of restore privileges.

Assign DBMS restoration roles only to authorized DBMS accounts.

Document assignments in the System Security Plan.