Detections
Analytics

4.4.4 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'

Information

As assignment of the DBA role to an ordinary user can provide a great number of unnecessary privileges to that user and opens the door to data breaches, integrity violations, and Denial-of-Service conditions, application of this role should be restricted according to the needs of the organization.

Solution

To remediate this setting execute the following SQL statement. REVOKE DBA FROM <grantee>;

See Also

https://workbench.cisecurity.org/files/601

Item Details

Plugin: OracleDB

Control ID: f5f43ab04c66af509ab7e239f395bd5e47dddb5ff1554650f3b6e4e85114038a