DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15107 | DG0063-ORACLE11 | SV-24635r2_rule | Medium |
| Description |
|---|
| Unauthorized restoration of database data, objects, or other configuration or features can result in a loss of data integrity, unauthorized configuration, or other DBMS interruption or compromise. Therefore, the capability to restore must be controlled. Typically, only database administrators will have permission to restore a database. |
| STIG | Date |
|---|---|
| Oracle Database 11g Installation STIG | 2017-06-29 |
Details
| Check Text ( C-24212r1_chk ) |
|---|
| Review DBMS accounts with elevated permissions (accounts granted ROLE permissions, DBA accounts, SCHEMA accounts, etc.). If any accounts are not documented and authorized for RESTORE permissions, this is a Finding. |
| Fix Text (F-20422r1_fix) |
|---|
| Utilize DBMS roles that are authorized for database restore functions. Restrict assignment of restore privileges. Assign DBMS restoration roles only to authorized DBMS accounts. Document assignments in the System Security Plan. |