Oracle application administration roles must be disabled if not required and authorized.

An XCCDF Rule

Description

Application administration roles, which are assigned system or elevated application object privileges, should be protected from default activation. Application administration roles are determined by system privilege assignment (create / alter / drop user) and application user role ADMIN OPTION privileges.

ID
SV-219712r879887_rule
Version
O112-BP-022900
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

For each role assignment returned, issue:

From SQL*Plus:

alter user [username] default role all except [role];

If the user has more than one application administration role assigned, remove the assigned roles from the default assignment and individually assign the appropriate default roles.
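
The following query is an added example, not the STIG's own check text or Oracle's code. It lists each user whose default roles include an application administration role and drafts the corresponding statement for review, covering the multi-role case with the list form of `ALL EXCEPT`. Assumptions: the reading of "ADMIN OPTION" as a role that holds another role WITH ADMIN OPTION, and the `SYS`/`SYSTEM` exclusion list, which should be adjusted to the site's authorized accounts.

```sql
-- Added example: run as a user with access to the DBA_* dictionary views.
WITH admin_roles AS (
    -- Roles that hold user-management system privileges
    SELECT sp.grantee AS role_name
      FROM dba_sys_privs sp
      JOIN dba_roles r ON r.role = sp.grantee
     WHERE sp.privilege IN ('CREATE USER', 'ALTER USER', 'DROP USER')
    UNION
    -- Assumption: roles that hold another role WITH ADMIN OPTION
    SELECT rp.grantee
      FROM dba_role_privs rp
      JOIN dba_roles r ON r.role = rp.grantee
     WHERE rp.admin_option = 'YES'
)
SELECT rp.grantee AS username,
       COUNT(*)   AS admin_role_count,
       -- Quote identifiers so mixed-case user and role names survive
       'alter user "' || rp.grantee || '" default role all except '
         || LISTAGG('"' || rp.granted_role || '"', ', ')
              WITHIN GROUP (ORDER BY rp.granted_role)
         || ';' AS draft_statement
  FROM dba_role_privs rp
  JOIN dba_users u    ON u.username   = rp.grantee       -- users only, not roles
  JOIN admin_roles ar ON ar.role_name = rp.granted_role
 WHERE rp.default_role = 'YES'
   -- Assumption: placeholder exclusion list; replace with authorized accounts
   AND rp.grantee NOT IN ('SYS', 'SYSTEM')
 GROUP BY rp.grantee
 ORDER BY rp.grantee;
```

Rows with `admin_role_count` greater than 1 are the users the last paragraph of the procedure refers to; review each drafted statement against the authorization records before issuing it.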