STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

A DBMS utilizing Discretionary Access Control (DAC) must enforce a policy that includes or excludes access to the granularity of a single user.

DISA Rule

SV-237716r667180_rule

Vulnerability Number

V-237716

Group Title

SRG-APP-000328-DB-000301

Rule Version

O121-C2-006700

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Modify DBMS settings to allow users to assign or revoke access rights to objects and information owned by the user. The ability to grant or revoke rights must include the ability to grant or revoke those rights down to the granularity of a single user.

(This is default Oracle behavior.)

Check Contents

Check DBMS settings and documentation to determine if users are able to assign and revoke rights to the objects and information they own. If users cannot assign or revoke rights to the objects and information they own to the granularity of a single user, this is a finding.

(This is default Oracle behavior.)

Vulnerability Number

V-237716

Documentable

False

Rule Version

O121-C2-006700

Severity Override Guidance

Check DBMS settings and documentation to determine if users are able to assign and revoke rights to the objects and information they own. If users cannot assign or revoke rights to the objects and information they own to the granularity of a single user, this is a finding.

(This is default Oracle behavior.)

Check Content Reference

M

Target Key

4059

Comments