SV-238445r667509_rule
V-238445
SRG-APP-000233-DB-000124
O112-C2-004100
CAT II
10
Revoke DBA privileges, and privileges to administer DBA-owned objects, from non-DBA accounts.
Provide DBAs with separate accounts for database administration.
Review permissions for objects owned by DBA or other administrative accounts.
If any objects owned by administrative accounts can be accessed by non-DBA/non-administrative users, either directly or indirectly, this is a finding.
Verify DBAs have separate administrative accounts.
If DBAs do not have a separate account for database administration purposes, this is a finding.
To list all objects owned by an administrative account that have had access granted to another account, run the query:
SELECT grantee, table_name, grantor, privilege FROM dba_tab_privs WHERE owner = '<applicable account>';
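The query above reports direct grants only. The following Oracle SQL is an added example, not part of the STIG text; it also covers the "indirectly" case in the check by walking role grants in dba_role_privs. The bind variable :admin_owner stands in for '<applicable account>', and treating PUBLIC as a principal alongside the accounts in dba_users is an assumption of this example.

```sql
-- Added example: direct and role-mediated access to objects owned by an
-- administrative account. :admin_owner is a placeholder bind variable.
WITH role_members (account, via_role, role_path) AS (
    -- Anchor: every direct role grant (the grantee may be a user or a role)
    SELECT grantee,
           granted_role,
           CAST(grantee || ' -> ' || granted_role AS VARCHAR2(4000))
    FROM   dba_role_privs
    UNION ALL
    -- Recurse: a role granted to a role passes its privileges to the holder
    SELECT rm.account,
           rp.granted_role,
           rm.role_path || ' -> ' || rp.granted_role
    FROM   role_members rm
    JOIN   dba_role_privs rp ON rp.grantee = rm.via_role
),
principals (name) AS (
    -- Accounts that can actually log in, plus PUBLIC (assumption: PUBLIC
    -- grants count as access by every non-DBA user)
    SELECT username FROM dba_users
    UNION ALL
    SELECT 'PUBLIC' FROM dual
)
-- Privileges granted straight to an account or to PUBLIC
SELECT tp.grantee AS effective_grantee,
       'DIRECT'   AS access_path,
       tp.table_name,
       tp.privilege,
       tp.grantor,
       tp.grantable
FROM   dba_tab_privs tp
JOIN   principals p ON p.name = tp.grantee
WHERE  tp.owner = :admin_owner
UNION ALL
-- Privileges granted to a role that the account holds, at any nesting depth
SELECT rm.account,
       rm.role_path,
       tp.table_name,
       tp.privilege,
       tp.grantor,
       tp.grantable
FROM   dba_tab_privs tp
JOIN   role_members rm ON rm.via_role = tp.grantee
JOIN   principals p    ON p.name = rm.account
WHERE  tp.owner = :admin_owner
ORDER  BY 1, 3, 4;
```

Compare effective_grantee against the site's list of authorized DBA accounts; rows with grantable = 'YES' deserve attention first because the grantee can pass the privilege on.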
False
M
4057