| Review system documentation to identify accounts authorized to own database objects. Review accounts in DBMS that own objects. |
If any database objects are found to be owned by users not authorized to own database objects, this is a finding.
- - - - -
Query the object DBA_OBJECTS to show the users who own objects in the database. The query below will return all of the users who own objects.
sqlplus connect as sysdba
SQL>select owner, object_type, count(*) from dba_objects
group by owner, object_type
order by owner, object_type;
If these owners are not authorized owners, select all of the objects these owners have generated and decide who they should belong to. To make a list of all of the objects, the unauthorized owner has to perform the following query.
SQL>select * from dba_objects where owner =&unauthorized_owner;