
Developers should not be assigned excessive privileges on production databases.


Overview

Finding ID: V-15114
Version: DG0089-ORACLE11
Rule ID: SV-24395r1_rule
IA Controls: ECPC-1, ECPC-2
Severity: Low
Description
Developers play a unique role and represent a specific type of threat to the security of the DBMS. Where restricted resources prevent the required separation of production and development DBMS installations, developers granted elevated privileges to create and manage new database objects must also be prevented from actions that can threaten the production operation.
STIG: Oracle Database 11g Instance STIG
Date: 2015-03-26

Details

Check Text ( C-19608r1_chk )
If this database is not a production database, this check is Not a Finding.

Review the privileges assigned to developer accounts.

Identify the login names of developer DBMS accounts from the System Security Plan and/or DBA.

For each developer account, display the roles assigned to the account.

From SQL*Plus:
select granted_role from dba_role_privs where grantee = '[developer account name]';

If privileges assigned to developer accounts are not restricted to development objects and configurations, or authorizations to allow developer account access to production objects and configurations do not exist in the System Security Plan, this is a Finding.
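
An added example, not part of the STIG text: one query that extends the role listing above to the system and object privileges each developer account holds directly or through nested roles. The account names DEV_USER1 and DEV_USER2 are placeholders, and the object filter assumes development objects live in the developer accounts' own schemas.

```sql
-- Added example: DEV_USER1 / DEV_USER2 are placeholder account names.
-- Run as a user who can read the DBA_* dictionary views.
WITH dev_accounts AS (
  -- Dictionary views store unquoted account names in upper case.
  SELECT 'DEV_USER1' AS username FROM dual UNION ALL
  SELECT 'DEV_USER2' FROM dual
),
effective_grantees AS (
  -- The account itself ...
  SELECT username AS account, username AS grantee FROM dev_accounts
  UNION
  -- ... plus every role it reaches, directly or through role-to-role grants.
  SELECT CONNECT_BY_ROOT rp.grantee, rp.granted_role
  FROM dba_role_privs rp
  START WITH rp.grantee IN (SELECT username FROM dev_accounts)
  CONNECT BY PRIOR rp.granted_role = rp.grantee
)
-- Roles held by each account (direct and nested).
SELECT account, 'ROLE' AS grant_type, grantee AS privilege,
       CAST(NULL AS VARCHAR2(70)) AS object_name,
       CAST(NULL AS VARCHAR2(30)) AS granted_via
FROM effective_grantees
WHERE grantee <> account
UNION ALL
-- System privileges, with the account or role that carries them.
SELECT e.account, 'SYSTEM', sp.privilege, CAST(NULL AS VARCHAR2(70)), e.grantee
FROM effective_grantees e
JOIN dba_sys_privs sp ON sp.grantee = e.grantee
UNION ALL
-- Object privileges on schemas other than the developers' own
-- (assumption: development objects live in the developer schemas).
SELECT e.account, 'OBJECT', tp.privilege, tp.owner || '.' || tp.table_name, e.grantee
FROM effective_grantees e
JOIN dba_tab_privs tp ON tp.grantee = e.grantee
WHERE tp.owner NOT IN (SELECT username FROM dev_accounts)
ORDER BY 1, 2, 3, 4;
```

Grants made to PUBLIC apply to every account and are not listed here. Compare each returned row against the authorizations recorded in the System Security Plan.
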
Fix Text (F-2590r1_fix)
Revoke from developer accounts the permissions and privileges that allow changes to the production system or production objects, or authorize the permissions and privileges for developer accounts in the System Security Plan.