SV-238481r667617_rule
V-238481
SRG-APP-000133-DB-000179
O112-OS-011200
CAT II
10
Restrict access to the DBMS software libraries to accounts that require access based on job function.
Review permissions that control access to the DBMS software libraries. The software library location may be determined from vendor documentation or service/process executable paths.
DBA accounts, the DBMS process account, the DBMS software installation/maintenance account, SA accounts, if access by them is required for some operational level of support such as backups, and the host system itself require access. Any others should be scrutinized and a reason for access provided by the DBA. If accounts that are not required and authorized to have access to the software library location do have access, this is a finding.
Check to see which users have been granted DBA. Work from a basis of least privilege. Provide the least amount of privilege required to accomplish the job.
SQL> select * from dba_role_privs where granted_role = 'DBA';
V-238481
False
O112-OS-011200
Review permissions that control access to the DBMS software libraries. The software library location may be determined from vendor documentation or service/process executable paths.
DBA accounts, the DBMS process account, the DBMS software installation/maintenance account, SA accounts, if access by them is required for some operational level of support such as backups, and the host system itself require access. Any others should be scrutinized and a reason for access provided by the DBA. If accounts that are not required and authorized to have access to the software library location do have access, this is a finding.
Check to see which users have been granted DBA. Work from a basis of least privilege. Provide the least amount of privilege required to accomplish the job.
SQL> select * from dba_role_privs where granted_role = 'DBA';
M
4057