STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts.

DISA Rule

SV-219829r533028_rule

Vulnerability Number

V-219829

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-021700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Revoke privileges that were granted WITH GRANT OPTION from accounts that are neither DBAs nor owners of application objects.

Re-grant privileges without specifying WITH GRANT OPTION.

Note: Do not revoke the system-generated grants such as those on the SYS_PLSQL_% objects. These are system-generated object types (also known as shadow types) that Oracle creates internally when pipelined table functions are used. Revoking them can result in spurious compilation failures and/or invalidations when the users who are supposed to have access to the shadow types find themselves without it.
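The following SQL*Plus script is an added example, not part of the DISA text or of STIGQter. It turns the rows the check query would report into a reviewable remediation script, spooled to fix_grant_option.sql (a file name chosen here). It applies exactly the check's filters: accounts that own any object or that hold the DBA role directly are left alone, and SYS_PLSQL_% shadow types are skipped. It also emits a comment line for every privilege the offending grantee has already passed on, because revoking an object privilege cascades to those downstream grantees and the plain re-grant below does not restore them.

```sql
-- Added example; not DISA or STIGQter text. Run as a DBA (which holds
-- GRANT ANY OBJECT PRIVILEGE, so grants made by object owners can be revoked
-- and re-issued), inspect fix_grant_option.sql, then execute that file.
SET PAGESIZE 0 LINESIZE 250 FEEDBACK OFF HEADING OFF TRIMSPOOL ON
SPOOL fix_grant_option.sql

WITH offending AS (
    -- Exactly the check query's row set, plus the columns needed to
    -- rebuild each grant.
    SELECT grantee, owner, table_name, privilege, hierarchy
      FROM dba_tab_privs
     WHERE grantable = 'YES'
       AND grantee NOT IN (SELECT DISTINCT owner FROM dba_objects)
       AND grantee NOT IN (SELECT grantee FROM dba_role_privs
                            WHERE granted_role = 'DBA')
       AND table_name NOT LIKE 'SYS_PLSQL_%'
)
SELECT stmt
  FROM (
        -- Step 0: comment lines flagging privileges the grantee has already
        -- passed on. An object-privilege REVOKE cascades to those downstream
        -- grantees and the re-grant below does not restore them, so each one
        -- needs a deliberate decision (re-grant directly from the owner, or
        -- accept the loss).
        SELECT 0 AS step, o.grantee AS acct, o.owner, o.table_name, o.privilege,
               '-- CASCADE: revoking from ' || o.grantee || ' also removes '
               || p.privilege || ' ON ' || p.owner || '.' || p.table_name
               || ' from ' || p.grantee AS stmt
          FROM dba_tab_privs p
          JOIN offending o
            ON p.grantor    = o.grantee
           AND p.owner      = o.owner
           AND p.table_name = o.table_name
           AND p.privilege  = o.privilege
        UNION ALL
        -- Step 1: revoke the grantable privilege from the offending account.
        SELECT 1, grantee, owner, table_name, privilege,
               'REVOKE ' || privilege || ' ON "' || owner || '"."' || table_name
               || '" FROM "' || grantee || '";'
          FROM offending
        UNION ALL
        -- Step 2: re-grant the same privilege without WITH GRANT OPTION,
        -- keeping WITH HIERARCHY OPTION where it was present.
        SELECT 2, grantee, owner, table_name, privilege,
               'GRANT ' || privilege || ' ON "' || owner || '"."' || table_name
               || '" TO "' || grantee || '"'
               || CASE WHEN hierarchy = 'YES' THEN ' WITH HIERARCHY OPTION' END
               || ';'
          FROM offending
       )
 ORDER BY acct, owner, table_name, privilege, step;

SPOOL OFF
```

Two caveats carried over from the check itself: the DBA exemption only sees direct grants of the DBA role (dba_role_privs lists direct role grants, so an account that inherits DBA through another role will be listed and remediated), and the owner exemption skips any account that owns even a single object in its own schema. Read the generated file with both in mind before running it.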

Check Contents

Execute the query:

select grantee||': '||owner||'.'||table_name
from dba_tab_privs
where grantable = 'YES'
and grantee not in (select distinct owner from dba_objects)
and grantee not in (select grantee from dba_role_privs where granted_role = 'DBA')
and table_name not like 'SYS_PLSQL_%'
order by grantee;

If any accounts are listed, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4059

Comments