SV-238450r667524_rule
V-238450
SRG-APP-000328-DB-000301
O112-C2-006600
CAT II
10
Create and document an access propagation policy that limits the propagation of rights.
Configure the DBMS to enforce the access propagation policy.
When a user is granted access to an object they have access to the object. When a used is granted access to an object with the ADMIN option, then they can provide permissions to others. Without the ADMIN option, a user cannot grant access to an object. No configuration is required.
Verify the DBMS has the ability to grant permissions without the grantee receiving the right to grant those same permissions to another user.
Review organization policies regarding access propagation. If an access propagation policy limiting the propagation of rights does not exist, this is a finding.
Review DBMS configuration to verify access propagation policies are enforced by the DBMS as configured. If the DBMS does not enforce the access propagation policy, this is a finding.
V-238450
False
O112-C2-006600
Verify the DBMS has the ability to grant permissions without the grantee receiving the right to grant those same permissions to another user.
Review organization policies regarding access propagation. If an access propagation policy limiting the propagation of rights does not exist, this is a finding.
Review DBMS configuration to verify access propagation policies are enforced by the DBMS as configured. If the DBMS does not enforce the access propagation policy, this is a finding.
M
4057