Documentation - V-270529

V-270529

Oracle Database 19c Security Technical Implementation Guide

CAT II

Title

Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts.

Description

<VulnDiscussion>The WITH ADMIN OPTION allows the grantee to grant a role to another database account. Best security practice restricts the privilege of assigning privileges to authorized personnel. Authorized personnel include database administrators (DBAs), object owners, and application administrators (where designed and included in the application's functions). Restricting privilege-granting functions to authorized accounts can help decrease mismanagement of privileges and wrongful assignment...

Fix Text (Documentation Requirement)

Revoke assignment of roles with the WITH ADMIN OPTION from unauthorized grantees and regrant them without the option if required. SQL statements to remove the admin option from an unauthorized grantee: revoke <role name> from <grantee>; grant <role name> to <grantee>; Restrict use of the WITH ADMIN OPTION to authorized administrators. Document authorized role assignments with the WITH ADMIN OPTION in the system documentation.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel