UCF STIG Viewer Logo

DBMS application user roles should not be assigned unauthorized privileges.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15128 DG0105-ORACLE11 SV-24705r1_rule Medium
Description
Unauthorized access to the data can lead to loss of confidentiality and integrity of the data.
STIG Date
Oracle Database 11g Instance STIG 2017-06-29

Details

Check Text ( C-1092r1_chk )
Compare privileges assigned to database application user roles to those defined in the System Security Plan.

If the assigned privileges do not match the authorized list of privileges, this is a Finding.
Fix Text (F-2558r1_fix)
Use the grant and revoke commands to assign the authorized privileges as listed in the System Security Plan to custom database application or application user roles.