The Horizon Connection Server administrators must be limited in terms of quantity, scope, and permissions.
An XCCDF Rule
Description
<VulnDiscussion>Role based access and least privilege are two fundamental security concepts that must be properly implemented in Horizon View to ensure the right user and groups have the right permissions on the right objects. Horizon View allows for assigning of roles (pre-defined sets of permissions) to specific users and groups and on a specific Access Group (set of objects). Administrators must ensure that minimal permissions are assigned to the right entities, in the right scope, and stay so over time. Satisfies: SRG-APP-000033-AS-000024, SRG-APP-000118-AS-000078, SRG-APP-000121-AS-000081, SRG-APP-000122-AS-000082, SRG-APP-000123-AS-000083, SRG-APP-000290-AS-000174, SRG-APP-000315-AS-000094, SRG-APP-000340-AS-000185, SRG-APP-000343-AS-000030</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-246887r768621_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Administrators.
To remove users or groups:
From the "Administrators and Groups" tab, select the unnecessary users or groups in the left pane and click the "Remove User or Group" button. Click "OK'" to confirm removal.