Detections
Analytics

4.4.3 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'

Information

As permitting unauthorized access to the EXECUTE_CATALOG_ROLE can allow the disruption of operations by initialization of rogue procedures, this capability should be restricted according to the needs of the organization.

Solution

To remediate this setting execute the following SQL statement. REVOKE EXECUTE_CATALOG_ROLE FROM <grantee>;

See Also

https://workbench.cisecurity.org/files/601

Item Details

Plugin: OracleDB

Control ID: 682b699dde4ec48084b172c44f50bf8af65d1fa4f2805bfdfc1da0e72926367f