6.1.6 Ensure 'TEXT DATASTORE ACCESS' Is Revoked From Unauthorized 'GRANTEE'

Information

The TEXT DATASTORE ACCESS system privilege should be restricted due to the potential security risks associated with Oracle Text and its ability to access external files and data sources.

Granting TEXT DATASTORE ACCESS gives the user the privilege to index an arbitrary file in the file system (in the case of the FILE datastore) or an arbitrary URL (in the case of the URL datastore), and is not recommended.

Solution

To remediate this setting, execute the following SQL statement. If the privilege is granted in both the container database and a pluggable database, you must connect to each one and revoke it in both places. Ensure proper impact analysis is done before revoking the privilege from a role.

REVOKE TEXT DATASTORE ACCESS FROM <grantee>;

In the case of a grant via a role:

REVOKE <rolename> FROM <grantee>;
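
To decide which of the two REVOKE forms applies to a grantee, the following query lists who holds the privilege directly and who inherits it through a chain of roles. It is an added example, not part of the benchmark text. It assumes the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS and DBA_ROLES dictionary views, and it treats Oracle-maintained accounts and roles as out of scope, which is an assumption to adjust to your own list of authorized grantees. Run it in each container you need to check.

```sql
-- Added example: find grantees of TEXT DATASTORE ACCESS in the current container.
-- GRANTED_VIA = 'DIRECT'    -> REVOKE TEXT DATASTORE ACCESS FROM <grantee>;
-- GRANTED_VIA = 'ROLE: ...' -> revoke the role from the grantee, or the
--                              privilege from the role, after impact analysis.
WITH direct_grants AS (
    -- Users and roles granted the system privilege directly
    SELECT grantee
    FROM   dba_sys_privs
    WHERE  privilege = 'TEXT DATASTORE ACCESS'
),
role_chain AS (
    -- Start at roles that hold the privilege directly, then follow
    -- DBA_ROLE_PRIVS to every user or role that was granted them,
    -- including roles granted to other roles.
    SELECT rp.grantee,
           CONNECT_BY_ROOT rp.granted_role AS source_role,
           LEVEL                           AS hops
    FROM   dba_role_privs rp
    START WITH rp.granted_role IN (SELECT grantee FROM direct_grants)
    CONNECT BY NOCYCLE PRIOR rp.grantee = rp.granted_role
),
all_holders AS (
    SELECT grantee, 'DIRECT' AS granted_via, 0 AS hops
    FROM   direct_grants
    UNION
    SELECT grantee, 'ROLE: ' || source_role, hops
    FROM   role_chain
)
SELECT h.grantee,
       h.granted_via,
       h.hops
FROM   all_holders h
-- Assumption: Oracle-maintained users and roles are treated as authorized.
WHERE  h.grantee NOT IN (SELECT username FROM dba_users
                         WHERE  oracle_maintained = 'Y')
AND    h.grantee NOT IN (SELECT role FROM dba_roles
                         WHERE  oracle_maintained = 'Y')
ORDER  BY h.grantee, h.hops, h.granted_via;
```

An empty result means no grantee outside the assumed exclusion list holds the privilege in that container. A HOPS value greater than 1 means the privilege arrives through nested roles, so the impact analysis should cover every role in between.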

See Also

https://workbench.cisecurity.org/benchmarks/16474

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OracleDB

Control ID: e07b6d311143e897f24945a4efcce1d8d95b0d1ae81c8eed3ab53073d19bd5e5