
Application owner accounts must have a dedicated application tablespace.


Overview

Finding ID: V-61461
Version: O121-BP-023700
Rule ID: SV-75951r1_rule
IA Controls:
Severity: Medium
Description
Separation of tablespaces by application helps to protect the application from resource contention and unauthorized access that could result from storage space reuse or host system access controls. Application data must be stored separately from system and custom user-defined objects to facilitate administration and management of its data storage. The SYSTEM tablespace must never be used for application data storage in order to prevent resource contention and performance degradation.
STIG: Oracle Database 12c Security Technical Implementation Guide
Date: 2015-12-21

Details

Check Text (C-62351r1_chk)
From SQL*Plus (Note: The owner list below is a short list of all possible default Oracle accounts):

select distinct owner, tablespace_name
from dba_tables
where owner not in
(
  'APEX_040200', 'APPQOSSYS', 'AUDSYS', 'CTXSYS', 'DBSNMP', 'DVSYS',
  'FLOWS_FILES', 'GSMADMIN_INTERNAL', 'LBACSYS', 'MDSYS', 'OJVMSYS',
  'OLAPSYS', 'ORDDATA', 'ORDSYS', 'OUTLN', 'SYS', 'SYSTEM', 'WMSYS', 'XDB'
)
and tablespace_name is not NULL
and (owner, table_name) not in
  (select owner, table_name from dba_external_tables)
order by tablespace_name;

Review the list of returned table owners with the tablespace used.

If any of the owners listed are not default Oracle accounts and use the SYSTEM or any other tablespace not dedicated for the application’s use, this is a finding.

Look for multiple applications that may share a tablespace.

If no records were returned, ask the DBA if any applications use this database.

If no applications use the database, this is not a finding.

If there are applications that do use the database or if the application uses the SYS or other default account and SYSTEM tablespace to store its objects, this is a finding.
Fix Text (F-67377r1_fix)
Create and assign dedicated tablespaces for the storage of data by each application using the CREATE TABLESPACE command.
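
One way to carry out the fix and then re-run the check, shown as an added example that is not part of the STIG text. The schema name APP1_OWNER, the tablespace name APP1_DATA, the datafile path and the sizes are hypothetical and must be replaced with site values.

```sql
-- Added example. APP1_OWNER, APP1_DATA, the datafile path and sizes are hypothetical.
CREATE TABLESPACE app1_data
  DATAFILE '/u01/oradata/ORCL/app1_data01.dbf' SIZE 500M
  AUTOEXTEND ON NEXT 100M MAXSIZE 10G;

-- New objects land in the dedicated tablespace; no quota remains on SYSTEM.
-- (Quotas are bypassed if the account holds the UNLIMITED TABLESPACE privilege.)
ALTER USER app1_owner DEFAULT TABLESPACE app1_data
  QUOTA UNLIMITED ON app1_data
  QUOTA 0 ON system;

-- Generate MOVE statements for tables still stored elsewhere. Review before running:
-- a move leaves the table's indexes UNUSABLE, and partitioned tables (NULL
-- tablespace_name in DBA_TABLES) are not listed here.
SELECT 'ALTER TABLE "' || owner || '"."' || table_name ||
       '" MOVE TABLESPACE app1_data;' AS stmt
FROM   dba_tables
WHERE  owner = 'APP1_OWNER'
AND    tablespace_name <> 'APP1_DATA'
AND    (owner, table_name) NOT IN
       (SELECT owner, table_name FROM dba_external_tables);

-- Generate rebuilds for APP1_OWNER's indexes invalidated by the moves.
SELECT 'ALTER INDEX "' || owner || '"."' || index_name ||
       '" REBUILD TABLESPACE app1_data;' AS stmt
FROM   dba_indexes
WHERE  owner = 'APP1_OWNER'
AND    status = 'UNUSABLE';

-- Re-check: tablespaces holding tables of more than one non-default owner,
-- or any non-default owner's tables in SYSTEM. Same exclusions as the check text.
SELECT   tablespace_name,
         LISTAGG(owner, ', ') WITHIN GROUP (ORDER BY owner) AS owners
FROM     (SELECT DISTINCT owner, tablespace_name
          FROM   dba_tables
          WHERE  owner NOT IN ('APEX_040200','APPQOSSYS','AUDSYS','CTXSYS','DBSNMP',
                   'DVSYS','FLOWS_FILES','GSMADMIN_INTERNAL','LBACSYS','MDSYS',
                   'OJVMSYS','OLAPSYS','ORDDATA','ORDSYS','OUTLN','SYS','SYSTEM',
                   'WMSYS','XDB')
          AND    tablespace_name IS NOT NULL
          AND    (owner, table_name) NOT IN
                 (SELECT owner, table_name FROM dba_external_tables))
GROUP BY tablespace_name
HAVING   COUNT(*) > 1 OR tablespace_name = 'SYSTEM'
ORDER BY tablespace_name;
```

A tablespace listed with several owners is a prompt for review rather than an automatic finding, since one application may legitimately use more than one schema.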