STIGQter: STIG Summary: Oracle Database 11g Instance STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

Developers should not be assigned excessive privileges on production databases.

DISA Rule

SV-24395r1_rule

Vulnerability Number

V-15114

Group Title

Developer DBMS privileges on production databases

Rule Version

DG0089-ORACLE11

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Revoke permissions and privileges that allow changes to the production system or production objects from developer accounts, or authorize permissions and privileges for developer accounts in the System Security Plan.

Check Contents

If this database is not a production database, this check is Not a Finding.

Review the privileges assigned to developer accounts.

Identify the login names of developer DBMS accounts from the System Security Plan and/or DBA.

For each developer account, display the roles assigned to the account.

From SQL*Plus:
select granted_role from dba_role_privs where grantee='[developer account name]';

If privileges assigned to developer accounts are not restricted to development objects and configurations, or authorizations to allow developer account access to production objects and configurations do not exist in the System Security Plan, this is a Finding.
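
The check above lists only directly granted roles. As an added example (not part of the STIG text), the SQL*Plus script below goes beyond it and also resolves roles inherited through other roles, then lists the system and object privileges reached through them, which is what the Finding criterion is judged against. DEV_APP1 is a constructed placeholder account name.

```sql
-- Added example; DEV_APP1 is a constructed placeholder for a developer account name.
DEFINE dev_account = DEV_APP1

-- 1. Roles held directly or inherited through other roles.
SELECT DISTINCT granted_role
  FROM dba_role_privs
 START WITH grantee = UPPER('&dev_account')
CONNECT BY PRIOR granted_role = grantee
 ORDER BY granted_role;

-- 2. System privileges granted to the account or to any of those roles.
--    Review anything that can alter production (e.g. privileges with ANY).
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = UPPER('&dev_account')
    OR grantee IN (SELECT granted_role
                     FROM dba_role_privs
                    START WITH grantee = UPPER('&dev_account')
                  CONNECT BY PRIOR granted_role = grantee)
 ORDER BY grantee, privilege;

-- 3. Object privileges granted to the account or to any of those roles.
--    Compare OWNER against the production schemas named in the
--    System Security Plan.
SELECT grantee, owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = UPPER('&dev_account')
    OR grantee IN (SELECT granted_role
                     FROM dba_role_privs
                    START WITH grantee = UPPER('&dev_account')
                  CONNECT BY PRIOR granted_role = grantee)
 ORDER BY owner, table_name, privilege;
```

Privileges granted to PUBLIC apply to every account and are not returned by these queries.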

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments