4.3 Review Users, Groups, and Roles - Groups list

Information

With row and column access control, individuals are permitted access to only the subset of data that is required to perform their job tasks. Periodic review of these individuals is crucial when trying to keep data secure. As business needs move forward, requirements behind accessing the data may change, leading to a revision in security policy. By inspecting the list of users, groups, and roles, you are identifying excessive privileges that could pose possible security threats within your infrastructure.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. To remove users from your database environment-
Linux-
userdel -r <user name>
Windows-
1. Run compmgmt.msc
2. Click 'Local Users and Groups'
3. Double click 'Users'
4. Right-click on <user name>
5. Select 'Delete'
2. To remove groups from your database environment-
Linux-
groupdel <group name>
Windows-
1. Run compmgmt.msc
2. Click 'Local Users and Groups'
3. Double click 'Groups'
4. Right-click on <group name>
5. Select 'Delete'
3. To remove roles or role members from your database environment
a. Attach to DB2 Instance-
db2 => attach to $DB2INSTANCE
b. Connect to DB2 database-
db2 => connect to $DBNAME
c. To remove role members from roles-
db2 => revoke role <role name> from <user/group/role member>
d. To remove roles-
db2 => drop role <role name>

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)

Plugin: Unix

Control ID: cd8b62072ebdeed790f1fdd9f227b0d6fb1f9d5869b8a87c2208b894329ff805