STIGQter: STIG Summary: Oracle Database 11g Instance STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

Database application user accounts should be denied storage usage for object creation within the database.

DISA Rule

SV-24501r2_rule

Vulnerability Number

V-3847

Group Title

Oracle storage use privileges

Rule Version

DO0157-ORACLE11

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Assign tablespace quotas only to database accounts authorized to create and/or own objects in the database.

Document in the System Security Plan the authorized tablespace quotas for all accounts authorized to own objects.

Remove any quotas assigned to application users, application administrators, or any other unauthorized accounts.

From SQL*Plus:

alter user [username] quota 0 on [tablespace name];

Replace [username] with the named user and [tablespace name] with the identified tablespace name.

Check Contents

From SQL*Plus:

select username, tablespace_name from dba_ts_quotas
where username not in (select distinct owner from dba_objects)
and username not in
(select grantee from dba_role_privs where granted_role='DBA');

Review the list of user names returned.

If any belong to application users or application administrators, this is a Finding.
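The check and the fix above combined into one SQL*Plus script, as an added example that is not part of the STIG text: it reruns the check query with the quota limit shown, then emits one candidate ALTER USER statement per row. The BYTES and MAX_BYTES columns are standard DBA_TS_QUOTAS columns; the column formatting and the double-quoting of names are choices made for this example, and the generated statements are meant to be reviewed against the System Security Plan before any of them is run.

```sql
-- Added example; not part of the STIG check or fix text.
-- Run from SQL*Plus as an account that can read the DBA_* views.
set linesize 200 pagesize 100
column username        format a30
column tablespace_name format a30
column quota           format a15
column fix_statement   format a100

-- Step 1: the STIG check query, extended with current usage and the quota limit.
-- MAX_BYTES = -1 means the account has an unlimited quota on that tablespace.
select q.username,
       q.tablespace_name,
       q.bytes as bytes_used,
       case q.max_bytes
         when -1 then 'UNLIMITED'
         else to_char(q.max_bytes)
       end as quota
from   dba_ts_quotas q
where  q.username not in (select distinct owner from dba_objects)
and    q.username not in
       (select grantee from dba_role_privs where granted_role = 'DBA')
order  by q.username, q.tablespace_name;

-- Step 2: one candidate fix statement per row returned by the check.
-- Names are double-quoted so mixed-case or unusual user and tablespace
-- names are reproduced exactly as stored in the data dictionary.
-- Rows whose quota is already 0 are skipped.
select 'alter user "' || q.username ||
       '" quota 0 on "' || q.tablespace_name || '";' as fix_statement
from   dba_ts_quotas q
where  q.username not in (select distinct owner from dba_objects)
and    q.username not in
       (select grantee from dba_role_privs where granted_role = 'DBA')
and    q.max_bytes <> 0
order  by q.username, q.tablespace_name;
```

Delete the generated lines for any account that is authorized to own objects before running the rest.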

Documentable

True

Severity Override Guidance

From SQL*Plus:

select username, tablespace_name from dba_ts_quotas
where username not in (select distinct owner from dba_objects)
and username not in
(select grantee from dba_role_privs where granted_role='DBA');

Review the list of user names returned.

If any belong to application users or application administrators, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367