SV-237715r667177_rule
V-237715
SRG-APP-000328-DB-000301
O121-C2-006600
CAT II
10
Create and document an access propagation policy that limits the propagation of rights.
Configure the DBMS to enforce the access propagation policy.
A user who is granted access to an object can use that object. If the access is granted with the GRANT option, the user can also provide permissions on the object to others. Without the GRANT option, a user cannot grant access to the object. No configuration is required.
Verify the DBMS has the ability to grant permissions without the grantee receiving the right to grant those same permissions to another user.
Review organization policies regarding access propagation. If an access propagation policy limiting the propagation of rights does not exist, this is a finding.
Review DBMS configuration to verify access propagation policies are enforced by the DBMS as configured. If the DBMS does not enforce the access propagation policy, this is a finding.
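The following SQL is an added example, not part of the original rule text, showing one way to review which grants can be propagated. It assumes an Oracle-style data dictionary (DBA_TAB_PRIVS, DBA_SYS_PRIVS, DBA_USERS, DBA_ROLES); APP_OWNER.ORDERS, REPORT_USER and TEAM_LEAD are hypothetical names. It also goes beyond object grants to list system privileges held WITH ADMIN OPTION, which propagate in the same way.

```sql
-- Added example. Assumes Oracle data dictionary views and a reviewer
-- account that can read the DBA_* views. All object and user names
-- below are hypothetical.

-- Grant that does not propagate: REPORT_USER can query the table
-- but cannot grant SELECT on it to anyone else.
GRANT SELECT ON app_owner.orders TO report_user;

-- Grant that propagates: TEAM_LEAD can query the table and can also
-- grant SELECT on it to other users.
GRANT SELECT ON app_owner.orders TO team_lead WITH GRANT OPTION;

-- Review 1: object privileges that the grantee may pass on.
-- Each row returned should be covered by the access propagation policy.
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    grantee NOT IN (SELECT username FROM dba_users
                       WHERE  oracle_maintained = 'Y')
AND    grantee NOT IN (SELECT role FROM dba_roles
                       WHERE  oracle_maintained = 'Y')
ORDER  BY grantee, owner, table_name, privilege;

-- Review 2: system privileges that the grantee may pass on.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN (SELECT username FROM dba_users
                       WHERE  oracle_maintained = 'Y')
AND    grantee NOT IN (SELECT role FROM dba_roles
                       WHERE  oracle_maintained = 'Y')
ORDER  BY grantee, privilege;

-- Correcting a grant the policy does not allow to propagate:
-- revoke it, then grant it again without the GRANT option.
REVOKE SELECT ON app_owner.orders FROM team_lead;
GRANT  SELECT ON app_owner.orders TO team_lead;
```

Revoking an object privilege from a user who held it with the GRANT option also removes the grants that user made to others, so check dependent accounts before revoking.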