From Oracle Database 11.2g Security Technical Implementation Guide
Part of SRG-APP-000085-DB-000038
Associated with: CCI-001693
Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment.
Verify the DBMS has the ability to grant permissions without the grantee receiving the right to grant those same permissions to another user. Review organization policies regarding access propagation. If an access propagation policy limiting the propagation of rights does not exist, this is a finding. Review DBMS configuration to verify access propagation policies are enforced by the DBMS as configured. If the DBMS does not enforce the access propagation policy, this is a finding.
Create and document an access propagation policy that limits the propagation of rights. Configure the DBMS to enforce the access propagation policy. When a user is granted access to an object they have access to the object. When a used is granted access to an object with the ADMIN option, then they can provide permissions to others. Without the ADMIN option, a user cannot grant access to an object. No configuration is required.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer