Documentation - V-270572

Title

Oracle Database must separate user functionality (including user interface services) from database management functionality.

Description

<VulnDiscussion>Information system management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical and is accomplished by using different computers, different central processing units, different instances of the operating system, different network addresses, combinations of ...

Fix Text (Documentation Requirement)

Configure DBMS settings to separate database administration and general user functionality. Provide those who have both administrative and general-user responsibilities with separate accounts for these separate functions. This includes separation of duties for administrative users, schema owners, and application (general) users. Oracle's recommendation is Oracle Database Vault to solve this problem. Oracle Database Vault provides controls to prevent unauthorized privileged users from accessing sensitive data and to prevent unauthorized database changes. Oracle Database Vault provides database roles that enable different users to perform specific tasks, based on separation-of-duty guidelines. One of the biggest benefits resulting from regulatory compliance has been security awareness. Ora...