Azure SQL Database must restrict execution of stored procedures and functions that utilize [execute as] to necessary cases only.

An XCCDF Rule

Description

In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, functions, triggers, etc.) and/or external code modules with elevated privileges. However, if the privileges required for execution are higher than the privileges assigned to the organizational users who invoke that functionality, application, or program, those users are indirectly given greater privileges than the organization assigned to them. Privilege elevation by "Execute As" must be used only where necessary and must be protected from misuse.

ID
SV-255317r961359_rule
Version
ASQL-00-002900
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Alter stored procedures and functions to remove the "EXECUTE AS" statement.
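
One way to find the modules this procedure applies to and to alter one of them, shown as an added T-SQL example that is not part of the rule text. The catalog views are standard; the procedure `dbo.usp_ArchiveOrders`, its parameter and the table `dbo.Orders` are hypothetical.

```sql
-- Inventory: modules in the current database that run under a context other
-- than the caller's. In sys.sql_modules, execute_as_principal_id is
--   NULL  -> EXECUTE AS CALLER (the default, no elevation)
--   -2    -> EXECUTE AS OWNER
--   other -> the database principal named by EXECUTE AS 'user' or SELF
SELECT
    s.name      AS schema_name,
    o.name      AS module_name,
    o.type_desc AS module_type,
    CASE m.execute_as_principal_id
        WHEN -2 THEN 'OWNER' ELSE 'USER' END AS execute_as_kind,
    -- For OWNER, resolve the object owner, falling back to the schema owner.
    USER_NAME(CASE m.execute_as_principal_id
                  WHEN -2 THEN COALESCE(o.principal_id, s.principal_id)
                  ELSE m.execute_as_principal_id
              END) AS effective_principal,
    o.modify_date
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
JOIN sys.schemas     AS s ON s.schema_id = o.schema_id
WHERE m.execute_as_principal_id IS NOT NULL
ORDER BY schema_name, module_name;
GO

-- Remediation pattern for one module where elevation is not necessary.
-- Hypothetical "before" header:
--   CREATE PROCEDURE dbo.usp_ArchiveOrders @CutoffDate date
--   WITH EXECUTE AS OWNER AS ...
-- Re-issuing the definition without the WITH EXECUTE AS clause returns the
-- module to the default caller context.
ALTER PROCEDURE dbo.usp_ArchiveOrders
    @CutoffDate date
AS
BEGIN
    SET NOCOUNT ON;
    DELETE FROM dbo.Orders WHERE OrderDate < @CutoffDate;
END;
GO
```

After the change the module runs with the caller's permissions, so confirm that callers still have the access they need (through ownership chaining or explicit grants) before deploying. Re-run the inventory query afterwards; any rows that remain should be the cases where "EXECUTE AS" is necessary.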