Application owner accounts should have a dedicated application tablespace.

From Oracle Database 11g Instance STIG

Part of Oracle application object owner tablespaces

SV-24510r3_rule Application owner accounts should have a dedicated application tablespace.

Vulnerability discussion

Separation of tablespaces by application helps to protect the application from resource contention and unauthorized access that could result from storage space reuse or host system access controls. Application data should be stored separately from system and custom user-defined objects to facilitate administration and management of its data storage. The SYSTEM tablespace should never be used for application data storage in order to prevent resource contention and performance degradation.

Check content

From SQL*Plus (Note: The owner list below is but a sample of all possible default Oracle accounts - edit according to local circumstances):

    select distinct owner, tablespace_name
    from dba_segments
    where owner not in
    ('SYS','SYSTEM','OUTLN','OLAPSYS','CTXSYS','WKSYS','ODM',
    'ODM_MTR','MDSYS','ORDSYS','WMSYS','RMAN','XDB',
    'AUDSYS','DBSNMP','GSMADMIN_INTERNAL')
    order by tablespace_name;

Review the list of returned table owners with the tablespace used.

If any of the owners listed are not default Oracle accounts and use the "SYSTEM" or any other tablespace not dedicated for the application’s use, this is a Finding.

Look for multiple applications that may share a tablespace.

If no records were returned, ask the DBA if any applications use this database. If no applications use the database, this is not a Finding. If there are applications that do use the database or if the application uses the "SYS" or other default account and "SYSTEM" tablespace to store its objects, this is a Finding.
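The query below is an added example, not part of the STIG text. It extends the check query so that each owner/tablespace pair is labelled for review: segments in SYSTEM, and tablespaces holding segments of more than one non-default owner. The exclusion list is the page's sample list, and the join to dba_users (to show where each owner's new objects will land by default) and the assessment labels are assumptions added here.

```sql
-- Added example: classify the rows returned by the check query above.
-- Edit the owner exclusion list according to local circumstances.
WITH app_segs AS (
  SELECT DISTINCT owner, tablespace_name
  FROM   dba_segments
  WHERE  owner NOT IN
         ('SYS','SYSTEM','OUTLN','OLAPSYS','CTXSYS','WKSYS','ODM',
          'ODM_MTR','MDSYS','ORDSYS','WMSYS','RMAN','XDB',
          'AUDSYS','DBSNMP','GSMADMIN_INTERNAL')
)
SELECT a.owner,
       a.tablespace_name,
       -- Where the owner's future objects go unless a tablespace is named.
       u.default_tablespace,
       -- app_segs is distinct per owner/tablespace, so this counts owners.
       COUNT(*) OVER (PARTITION BY a.tablespace_name) AS owners_in_tablespace,
       CASE
         WHEN a.tablespace_name = 'SYSTEM'
           THEN 'FINDING: application segments in SYSTEM'
         WHEN COUNT(*) OVER (PARTITION BY a.tablespace_name) > 1
           THEN 'REVIEW: tablespace holds segments of several owners'
         ELSE 'OK if this tablespace is dedicated to the application'
       END AS assessment
FROM   app_segs a
LEFT JOIN dba_users u
       ON u.username = a.owner
ORDER  BY a.tablespace_name, a.owner;
```

A REVIEW row is not automatically a Finding: one application may legitimately use several schema owners, so map each owner to its application before deciding whether the tablespace is shared between applications.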

Fix text

Create and assign dedicated tablespaces for the storage of data by each application using the CREATE TABLESPACE command.
