| Date of Data Collection | Date of Report | Reporter Version |
|---|---|---|
| Mon Feb 26 2018 09:27:00 | Mon Feb 26 2018 09:29:30 | 2.0.1 (December 2017) - d526 |

| Name | Platform | Database Role | Log Mode | Created |
|---|---|---|---|---|
| TVDNCDB | Linux x86 64-bit | PRIMARY | ARCHIVELOG | Fri Mar 10 2017 12:08:00 |

| Section | Pass | Evaluate | Advisory | Low Risk | Medium Risk | High Risk | Total Findings |
|---|---|---|---|---|---|---|---|
| Basic Information | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
| User Accounts | 5 | 0 | 0 | 3 | 3 | 1 | 12 |
| Privileges and Roles | 4 | 15 | 0 | 0 | 0 | 0 | 19 |
| Authorization Control | 0 | 0 | 2 | 0 | 0 | 0 | 2 |
| Data Encryption | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
| Fine-Grained Access Control | 0 | 0 | 5 | 0 | 0 | 0 | 5 |
| Auditing | 3 | 4 | 2 | 0 | 3 | 0 | 12 |
| Database Configuration | 6 | 4 | 0 | 2 | 0 | 1 | 13 |
| Network Configuration | 1 | 0 | 0 | 1 | 3 | 0 | 5 |
| Operating System | 2 | 1 | 0 | 1 | 1 | 0 | 5 |
| Total | 21 | 25 | 10 | 7 | 10 | 3 | 76 |

Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

Security options used: (none)

| Feature | Currently Used |
|---|---|
| AUTHORIZATION CONTROL | |
| Database Vault | No |
| Privilege Analysis | No |
| DATA ENCRYPTION | |
| Column Encryption | No |
| Tablespace Encryption | No |
| Network Encryption | No |
| FINE-GRAINED ACCESS CONTROL | |
| Data Redaction | No |
| Virtual Private Database | No |
| Real Application Security | No |
| Label Security | No |
| Transparent Sensitive Data Protection | No |
| AUDITING | |
| Traditional Audit | No |
| Fine Grained Audit | No |
| Unified Audit | Yes |
| USER AUTHENTICATION | |
| External Authentication | No |
| Global Authentication | No |

| INFO.PATCH | CIS | ||
| Status | High Risk | ||
| Summary | Latest comprehensive patch not found. | ||
| Details |
Latest comprehensive patch: Oct 17 2017 (132 days ago)
Latest interim patch: Sep 29 2017 (150 days ago)
Binary Patch Inventory:
Patch ID: 21594114 (created September 2017)
Patch ID (Comprehensive): 21632407 (created October 2017)
SQL Patch History:

| Action time | Action | Version | Bundle series | Description |
|---|---|---|---|---|
| Sun Oct 22 2017 19:54:00 | APPLY | 12.2.0.1 | DBRU | DATABASE RELEASE UPDATE 12.2.0.1.171017 |
| Sun Oct 22 2017 19:53:00 | APPLY | 12.2.0.1 | | OJVM RELEASE UPDATE: 12.2.0.1.171017 (26635944) |
| Sun Oct 22 2017 19:53:00 | ROLLBACK | 12.2.0.1 | DBBP | DATABASE BUNDLE PATCH 12.2.0.1.170620 |
| Sun Oct 22 2017 19:53:00 | ROLLBACK | 12.2.0.1 | | OJVM RELEASE UPDATE: 12.2.0.1.170718 (25811364) |
| Tue Jul 18 2017 20:32:00 | APPLY | 12.2.0.1 | DBRU | DATABASE RELEASE UPDATE 12.2.0.1.170718 |
| Tue Jul 18 2017 20:32:00 | APPLY | 12.2.0.1 | | OJVM RELEASE UPDATE: 12.2.0.1.170718 (25811364) |
| Tue Jul 18 2017 20:32:00 | ROLLBACK | 12.2.0.1 | DBBP | DATABASE BUNDLE PATCH 12.2.0.1.170620 |
| Thu Jun 22 2017 13:15:00 | APPLY | 12.2.0.1 | DBBP | DATABASE BUNDLE PATCH 12.2.0.1.170620 |
| Sun May 21 2017 13:47:00 | APPLY | 12.2.0.1 | DBBP | DATABASE BUNDLE PATCH 12.2.0.1.170516 |

| ||
| Remarks | It is vital to keep the database software up-to-date with security fixes as they are released. Oracle issues comprehensive patches in the form of Release Updates, Patch Set Updates, and Bundle Patches on a regular quarterly schedule. These updates should be applied as soon as they are available. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 1.1 | ||

| User Name | Status | Profile | Tablespace | Predefined | Type |
|---|---|---|---|---|---|
| ANONYMOUS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| APPQOSSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| AUDSYS | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| BI | OPEN | DEFAULT | EXAMPLE | No | PASSWORD |
| CTXSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| DBSFWUSER | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| DBSNMP | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| DIP | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| GGSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| GSMADMIN_INTERNAL | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| GSMCATUSER | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| GSMUSER | EXPIRED & LOCKED | GSM_PROF | USERS | Yes | PASSWORD |
| HR | OPEN | DEFAULT | EXAMPLE | Yes | PASSWORD |
| IX | OPEN | DEFAULT | EXAMPLE | Yes | PASSWORD |
| MDDATA | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| MDSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| O12TEST | OPEN | DEFAULT | USERS | No | PASSWORD |
| OE | OPEN | DEFAULT | EXAMPLE | Yes | PASSWORD |
| OJVMSYS | EXPIRED & LOCKED | DEFAULT | SYSTEM | Yes | PASSWORD |
| OLAPSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| ORACLE_OCM | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| ORDDATA | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| ORDPLUGINS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| ORDSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| OUTLN | EXPIRED & LOCKED | DEFAULT | SYSTEM | Yes | PASSWORD |
| PM | OPEN | DEFAULT | EXAMPLE | Yes | PASSWORD |
| REMOTE_SCHEDULER_AGENT | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SCOTT | OPEN | DEFAULT | USERS | Yes | PASSWORD |
| SH | OPEN | DEFAULT | EXAMPLE | Yes | PASSWORD |
| SI_INFORMTN_SCHEMA | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| SPATIAL_CSW_ADMIN_USR | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SYS | LOCKED | DEFAULT | SYSTEM | Yes | PASSWORD |
| SYS$UMF | EXPIRED & LOCKED | DEFAULT | SYSTEM | Yes | PASSWORD |
| SYSBACKUP | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SYSDG | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SYSKM | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SYSRAC | EXPIRED & LOCKED | DEFAULT | USERS | Yes | PASSWORD |
| SYSTEM | OPEN | DEFAULT | SYSTEM | Yes | PASSWORD |
| TEST2 | LOCKED | DEFAULT | USERS | No | PASSWORD |
| WMSYS | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |
| XDB | EXPIRED & LOCKED | DEFAULT | SYSAUX | Yes | PASSWORD |

| USER.TBLSPACE | |||
| Status | Pass | ||
| Summary | No user uses SYSTEM or SYSAUX tablespace. | ||
| Remarks | The SYSTEM and SYSAUX tablespaces are reserved for Oracle-supplied user accounts. To avoid a possible denial of service caused by exhausting these resources, regular user accounts should not use these tablespaces. Prior to Oracle Database 12.2, the SYSTEM tablespace could not be encrypted, which is another reason to avoid placing user schemas in this tablespace. | ||
| USER.SAMPLE | CIS | ||
| Status | Medium Risk | ||
| Summary | Found 7 sample schemas. | ||
| Details | Sample schemas: BI, HR, IX, OE, PM, SCOTT, SH | ||
| Remarks | Sample schemas are well-known accounts provided by Oracle to serve as simple examples for developers. They generally serve no purpose in a production database and should be removed because they unnecessarily increase the attack surface of the database. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 1.3 | ||
| USER.INACTIVE | |||
| Status | Low Risk | ||
| Summary | Found 9 unlocked users inactive for more than 30 days. | ||
| Details | Inactive users: BI, HR, IX, O12TEST, OE, PM, SCOTT, SH, SYSTEM | ||
| Remarks | If a user account is no longer in use, it increases the attack surface of the system unnecessarily while providing no corresponding benefit. Furthermore, unauthorized use is less likely to be noticed when no one is regularly using the account. Accounts that have been unused for more than 30 days should be investigated to determine whether they should remain active. | ||
| USER.CASE | CIS | ||
| Status | Pass | ||
| Summary | Case-sensitive passwords are used. | ||
| Details | SEC_CASE_SENSITIVE_LOGON=TRUE | ||
| Remarks | Case-sensitive passwords are recommended because including both upper- and lower-case letters greatly increases the set of possible passwords that must be searched by an attacker who is attempting to guess a password by exhaustive search. Setting SEC_CASE_SENSITIVE_LOGON to TRUE ensures that the database distinguishes between upper- and lower-case letters in passwords. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.12 | ||
| USER.EXPIRED | |||
| Status | Pass | ||
| Summary | No unlocked users with password expired for more than 30 days found. | ||
| Remarks | Password expiration is used to ensure that users change their passwords on a regular basis. If a user's password has been expired for more than 30 days, it indicates that the user has not logged in for at least that long. Accounts that have been unused for an extended period of time should be investigated to determine whether they should remain active. | ||
| USER.DEFPWD | CIS | ||
| Status | High Risk | ||
| Summary | Found 6 unlocked user accounts with default password. | ||
| Details | Users with default password: HR, IX, OE, PM, SCOTT, SH | ||
| Remarks | Default account passwords for predefined Oracle accounts are well known. Open accounts with default passwords provide a trivial means of entry for attackers, but well-known passwords should be changed for locked accounts as well. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 1.2 | ||
| USER.AUTHVERS | |||
| Status | Low Risk | ||
| Summary | Minimum client version is not configured correctly. | ||
| Details | SQLNET.ALLOWED_LOGON_VERSION_SERVER=10. Recommended value is 12a. | ||
| Remarks | Over time, Oracle releases have added support for increasingly secure versions of the algorithm used for password authentication of user accounts. In order to remain compatible with older client software, the database continues to support previous password versions as well. The sqlnet.ora parameter ALLOWED_LOGON_VERSION_SERVER determines the minimum password version that the database will accept. For maximum security, this parameter should be set to the highest value supported by the database once all client systems have been upgraded. | ||
| USER.VERIFIER | |||
| Status | Medium Risk | ||
| Summary | Found 2 user accounts requiring updated password verifiers. No user accounts have HTTP verifiers. | ||
| Details |
Database supports password versions up to 12C.
Users requiring updated password verifiers: ANONYMOUS(),
REMOTE_SCHEDULER_AGENT()
Users with HTTP verifiers: (none)
| ||
| Remarks | For each user account, the database may store multiple verifiers, which are hashes of the user password. Each verifier supports a different version of the password authentication algorithm. Every user account should include a verifier for the latest password version supported by the database so that the user can be authenticated using the latest algorithm supported by the client. When all clients have been updated, the security of user accounts can be improved by removing the obsolete verifiers. HTTP password verifiers are used for XML Database authentication. Use the ALTER USER command to remove these verifiers from user accounts that do not require this access. | ||
| USER.PARAM | CIS | ||
| Status | Pass | ||
| Summary | Examined 2 initialization parameters. No issues found. | ||
| Details |
SEC_MAX_FAILED_LOGIN_ATTEMPTS=3
RESOURCE_LIMIT=TRUE
| ||
| Remarks | SEC_MAX_FAILED_LOGIN_ATTEMPTS configures the maximum number of failed login attempts in a single session before the connection is closed. This is independent of the user profile parameter FAILED_LOGIN_ATTEMPTS, which controls locking the user account after multiple failed login attempts. RESOURCE_LIMIT should be set to TRUE to enable enforcement of any resource constraints set in user profiles. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.13, 2.2.19 | ||

| Profile Name | Resource | Value |
|---|---|---|
| DEFAULT | (Number of Users) | 40 |
| DEFAULT | CONNECT_TIME | UNLIMITED |
| DEFAULT | FAILED_LOGIN_ATTEMPTS | 10 |
| DEFAULT | IDLE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_GRACE_TIME | 7 |
| DEFAULT | PASSWORD_LIFE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_LOCK_TIME | 1 |
| DEFAULT | PASSWORD_REUSE_MAX | UNLIMITED |
| DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_VERIFY_FUNCTION | NULL |
| GSM_PROF | (Number of Users) | 1 |
| GSM_PROF | CONNECT_TIME | UNLIMITED (DEFAULT) |
| GSM_PROF | FAILED_LOGIN_ATTEMPTS | 10000000 |
| GSM_PROF | IDLE_TIME | UNLIMITED (DEFAULT) |
| GSM_PROF | PASSWORD_GRACE_TIME | 7 (DEFAULT) |
| GSM_PROF | PASSWORD_LIFE_TIME | UNLIMITED (DEFAULT) |
| GSM_PROF | PASSWORD_LOCK_TIME | 1 (DEFAULT) |
| GSM_PROF | PASSWORD_REUSE_MAX | UNLIMITED (DEFAULT) |
| GSM_PROF | PASSWORD_REUSE_TIME | UNLIMITED (DEFAULT) |
| GSM_PROF | PASSWORD_VERIFY_FUNCTION | NULL (DEFAULT) |
| ORA_STIG_PROFILE | (Number of Users) | 0 |
| ORA_STIG_PROFILE | CONNECT_TIME | UNLIMITED (DEFAULT) |
| ORA_STIG_PROFILE | FAILED_LOGIN_ATTEMPTS | 3 |
| ORA_STIG_PROFILE | IDLE_TIME | 15 |
| ORA_STIG_PROFILE | PASSWORD_GRACE_TIME | 5 |
| ORA_STIG_PROFILE | PASSWORD_LIFE_TIME | 60 |
| ORA_STIG_PROFILE | PASSWORD_LOCK_TIME | UNLIMITED |
| ORA_STIG_PROFILE | PASSWORD_REUSE_MAX | 10 |
| ORA_STIG_PROFILE | PASSWORD_REUSE_TIME | 365 |
| ORA_STIG_PROFILE | PASSWORD_VERIFY_FUNCTION | ORA12C_STIG_VERIFY_FUNCTION |

| USER.NOEXPIRE | CIS | ||
| Status | Low Risk | ||
| Summary | Found 41 users with passwords that never expire. Found 41 users with no limits on password reuse. Found 41 users with no minimum time before password reuse. All users lock after password expiration. | ||
| Details |
PASSWORD_LIFE_TIME:
Profiles with limited password lifetime: ORA_STIG_PROFILE(60)
Profiles with unlimited password lifetime: DEFAULT, GSM_PROF
Users with unlimited password lifetime: ANONYMOUS, APPQOSSYS, AUDSYS, BI,
CTXSYS, DBSFWUSER, DBSNMP, DIP, GGSYS, GSMADMIN_INTERNAL, GSMCATUSER,
GSMUSER, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS, OLAPSYS,
ORACLE_OCM, ORDDATA, ORDPLUGINS, ORDSYS, OUTLN, PM,
REMOTE_SCHEDULER_AGENT, SCOTT, SH, SI_INFORMTN_SCHEMA,
SPATIAL_CSW_ADMIN_USR, SYS, SYS$UMF, SYSBACKUP, SYSDG, SYSKM, SYSRAC,
SYSTEM, TEST2, WMSYS, XDB
PASSWORD_REUSE_MAX:
Profiles with limits on password reuse: ORA_STIG_PROFILE(10)
Profiles without limits on password reuse: DEFAULT, GSM_PROF
Users without limits on password reuse: ANONYMOUS, APPQOSSYS, AUDSYS, BI,
CTXSYS, DBSFWUSER, DBSNMP, DIP, GGSYS, GSMADMIN_INTERNAL, GSMCATUSER,
GSMUSER, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS, OLAPSYS,
ORACLE_OCM, ORDDATA, ORDPLUGINS, ORDSYS, OUTLN, PM,
REMOTE_SCHEDULER_AGENT, SCOTT, SH, SI_INFORMTN_SCHEMA,
SPATIAL_CSW_ADMIN_USR, SYS, SYS$UMF, SYSBACKUP, SYSDG, SYSKM, SYSRAC,
SYSTEM, TEST2, WMSYS, XDB
PASSWORD_REUSE_TIME:
Profiles with minimum time before password reuse: ORA_STIG_PROFILE(365)
Profiles without minimum time before password reuse: DEFAULT, GSM_PROF
Users without minimum time before password reuse: ANONYMOUS, APPQOSSYS,
AUDSYS, BI, CTXSYS, DBSFWUSER, DBSNMP, DIP, GGSYS, GSMADMIN_INTERNAL,
GSMCATUSER, GSMUSER, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS,
OLAPSYS, ORACLE_OCM, ORDDATA, ORDPLUGINS, ORDSYS, OUTLN, PM,
REMOTE_SCHEDULER_AGENT, SCOTT, SH, SI_INFORMTN_SCHEMA,
SPATIAL_CSW_ADMIN_USR, SYS, SYS$UMF, SYSBACKUP, SYSDG, SYSKM, SYSRAC,
SYSTEM, TEST2, WMSYS, XDB
PASSWORD_GRACE_TIME:
Profiles with locking after password expiration: DEFAULT(7), GSM_PROF(7),
ORA_STIG_PROFILE(5)
Profiles without locking after password expiration: (none)
Users without locking after password expiration: (none)
| ||
| Remarks | Password expiration is used to ensure that users change their passwords on a regular basis. Passwords that never expire may remain unchanged for an extended period of time. When passwords do not have to be changed regularly, users are also more likely to use the same passwords for multiple accounts. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 3.3, 3.4, 3.5, 3.6 | ||
| USER.NOLOCK | CIS | ||
| Status | Pass | ||
| Summary | No users have unlimited failed login attempts. All users have minimum lock time. | ||
| Details |
FAILED_LOGIN_ATTEMPTS:
Profiles with limited failed login attempts: DEFAULT(10),
GSM_PROF(10000000), ORA_STIG_PROFILE(3)
Profiles with unlimited failed login attempts: (none)
Users with unlimited failed login attempts: (none)
PASSWORD_LOCK_TIME:
Profiles with minimum lock time: DEFAULT(1), GSM_PROF(1)
Profiles without minimum lock time: ORA_STIG_PROFILE
Users without minimum lock time: (none)
| ||
| Remarks | Attackers sometimes attempt to guess a user's password by simply trying all possibilities from a set of common passwords. To defend against this attack, it is advisable to use the FAILED_LOGIN_ATTEMPTS and PASSWORD_LOCK_TIME profile resources to lock user accounts for a specified time when there are multiple failed login attempts without a successful login. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 3.1, 3.2 | ||
| USER.PASSWD | CIS | ||
| Status | Medium Risk | ||
| Summary | Found 41 users not using password verification function. | ||
| Details |
Profiles with password verification function:
ORA_STIG_PROFILE(ORA12C_STIG_VERIFY_FUNCTION)
Profiles without password verification function: DEFAULT, GSM_PROF
Users without password verification function: ANONYMOUS, APPQOSSYS, AUDSYS,
BI, CTXSYS, DBSFWUSER, DBSNMP, DIP, GGSYS, GSMADMIN_INTERNAL,
GSMCATUSER, GSMUSER, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS,
OLAPSYS, ORACLE_OCM, ORDDATA, ORDPLUGINS, ORDSYS, OUTLN, PM,
REMOTE_SCHEDULER_AGENT, SCOTT, SH, SI_INFORMTN_SCHEMA,
SPATIAL_CSW_ADMIN_USR, SYS, SYS$UMF, SYSBACKUP, SYSDG, SYSKM, SYSRAC,
SYSTEM, TEST2, WMSYS, XDB
| ||
| Remarks | Password verification functions are used to ensure that user passwords meet minimum requirements for complexity, which may include factors such as length, use of numbers or punctuation characters, difference from previous passwords, etc. Oracle supplies several predefined functions, or a custom PL/SQL function can be used. Every user profile should include a password verification function. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 3.8 | ||
| PRIV.SYSTEM | CIS | ||
| Status | Evaluate | ||
| Summary | 971 grants of system privileges (48 with admin option). | ||
| Details |
Users directly or indirectly granted each system privilege:
ADMINISTER ANY SQL TUNING SET: O12TEST, SYSTEM
ADMINISTER DATABASE TRIGGER: GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM,
WMSYS
ADMINISTER KEY MANAGEMENT: SYSKM(*)
ADMINISTER RESOURCE MANAGER: APPQOSSYS, GSMADMIN_INTERNAL, O12TEST, SYSTEM
ADMINISTER SQL MANAGEMENT OBJECT: GSMADMIN_INTERNAL, O12TEST, SYSTEM
ADMINISTER SQL TUNING SET: O12TEST, SYSTEM
ADVISOR: DBSNMP, O12TEST, SYSTEM
ALTER ANY ANALYTIC VIEW: O12TEST, SYSTEM
ALTER ANY ASSEMBLY: O12TEST, SYSTEM
ALTER ANY ATTRIBUTE DIMENSION: O12TEST, SYSTEM
ALTER ANY CLUSTER: O12TEST, SYSTEM
ALTER ANY CUBE: O12TEST, SYSTEM
ALTER ANY CUBE BUILD PROCESS: O12TEST, SYSTEM
ALTER ANY CUBE DIMENSION: O12TEST, SYSTEM
ALTER ANY DIMENSION: O12TEST, SYSTEM
ALTER ANY EDITION: O12TEST, SYSTEM
ALTER ANY EVALUATION CONTEXT: O12TEST, SYSTEM
ALTER ANY HIERARCHY: O12TEST, SYSTEM
ALTER ANY INDEX: GGSYS, GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
ALTER ANY INDEXTYPE: O12TEST, SYSTEM
ALTER ANY LIBRARY: O12TEST, SYSTEM
ALTER ANY MATERIALIZED VIEW: GSMUSER, O12TEST, SYSTEM
ALTER ANY MEASURE FOLDER: O12TEST, SYSTEM
ALTER ANY MINING MODEL: O12TEST, SYSTEM
ALTER ANY OPERATOR: O12TEST, SYSTEM
ALTER ANY OUTLINE: O12TEST, SYSTEM
ALTER ANY PROCEDURE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
ALTER ANY ROLE: O12TEST, SPATIAL_CSW_ADMIN_USR, SYSTEM
ALTER ANY RULE: O12TEST, SYSTEM
ALTER ANY RULE SET: O12TEST, SYSTEM
ALTER ANY SEQUENCE: GSMUSER, O12TEST, SYSTEM, WMSYS
ALTER ANY SQL PROFILE: O12TEST, SYSTEM
ALTER ANY SQL TRANSLATION PROFILE: O12TEST, SYSTEM
ALTER ANY TABLE: GGSYS, GSMADMIN_INTERNAL, GSMUSER, MDSYS, O12TEST, SYSTEM,
WMSYS
ALTER ANY TRIGGER: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
ALTER ANY TYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
ALTER DATABASE: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSDG, SYSRAC,
SYSTEM
ALTER LOCKDOWN PROFILE: O12TEST, SYSTEM
ALTER PROFILE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
ALTER RESOURCE COST: GSMADMIN_INTERNAL, O12TEST, SYSTEM
ALTER ROLLBACK SEGMENT: O12TEST, SYSTEM
ALTER SESSION: APPQOSSYS, BI, CTXSYS, GSMADMIN_INTERNAL, GSMCATUSER, HR,
IX, O12TEST, SH, SYSBACKUP, SYSDG, SYSRAC, SYSTEM, WMSYS, XDB
ALTER SYSTEM: GSMADMIN_INTERNAL, GSMCATUSER, O12TEST, SYSBACKUP, SYSDG,
SYSRAC, SYSTEM
ALTER TABLESPACE: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSTEM
ALTER USER: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
ANALYZE ANY: DBSNMP, GSMADMIN_INTERNAL, O12TEST, SYSTEM
ANALYZE ANY DICTIONARY: DBSNMP, O12TEST, SYSTEM
AUDIT ANY: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSTEM
AUDIT SYSTEM: GSMADMIN_INTERNAL, O12TEST, SYSTEM
BACKUP ANY TABLE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
BECOME USER: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CHANGE NOTIFICATION: O12TEST, SYSTEM
COMMENT ANY MINING MODEL: O12TEST, SYSTEM
COMMENT ANY TABLE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANALYTIC VIEW: O12TEST, SYSTEM
CREATE ANY ANALYTIC VIEW: O12TEST, SYSTEM
CREATE ANY ASSEMBLY: O12TEST, SYSTEM
CREATE ANY ATTRIBUTE DIMENSION: O12TEST, SYSTEM
CREATE ANY CLUSTER: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSTEM
CREATE ANY CONTEXT: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY CREDENTIAL: GSMADMIN_INTERNAL, O12TEST(*), SYSTEM(*)
CREATE ANY CUBE: O12TEST, OLAPSYS, SYSTEM
CREATE ANY CUBE BUILD PROCESS: O12TEST, OLAPSYS, SYSTEM
CREATE ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
CREATE ANY DIMENSION: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY DIRECTORY: GSMADMIN_INTERNAL, O12TEST, SPATIAL_CSW_ADMIN_USR,
SYSBACKUP, SYSTEM
CREATE ANY EDITION: O12TEST, SYSTEM
CREATE ANY EVALUATION CONTEXT: O12TEST, SYSTEM
CREATE ANY HIERARCHY: O12TEST, SYSTEM
CREATE ANY INDEX: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
CREATE ANY INDEXTYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY JOB: GSMADMIN_INTERNAL, O12TEST(*), SYSTEM(*)
CREATE ANY LIBRARY: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY MATERIALIZED VIEW: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM
CREATE ANY MEASURE FOLDER: O12TEST, OLAPSYS, SYSTEM
CREATE ANY MINING MODEL: O12TEST, SYSTEM
CREATE ANY OPERATOR: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY OUTLINE: O12TEST, SYSTEM
CREATE ANY PROCEDURE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
CREATE ANY RULE: O12TEST, SYSTEM
CREATE ANY RULE SET: O12TEST, SYSTEM
CREATE ANY SEQUENCE: GSMADMIN_INTERNAL, GSMUSER, MDSYS, O12TEST, SYSTEM,
WMSYS
CREATE ANY SQL PROFILE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY SQL TRANSLATION PROFILE: O12TEST, SYSTEM
CREATE ANY SYNONYM: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM
CREATE ANY TABLE: GGSYS, GSMADMIN_INTERNAL, GSMUSER, O12TEST, OLAPSYS,
SYSBACKUP, SYSTEM, WMSYS
CREATE ANY TRIGGER: GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM, WMSYS
CREATE ANY TYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE ANY VIEW: GSMADMIN_INTERNAL, GSMUSER, O12TEST, OLAPSYS, SYSTEM,
WMSYS
CREATE ASSEMBLY: O12TEST, SYSTEM
CREATE ATTRIBUTE DIMENSION: O12TEST, SYSTEM
CREATE CLUSTER: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE,
OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE CREDENTIAL: O12TEST(*), SYSTEM(*)
CREATE CUBE: O12TEST, SYSTEM
CREATE CUBE BUILD PROCESS: O12TEST, SYSTEM
CREATE CUBE DIMENSION: O12TEST, SYSTEM
CREATE DATABASE LINK: BI, GGSYS, GSMADMIN_INTERNAL, HR, IX, O12TEST, OE,
SH, SYSTEM
CREATE DIMENSION: O12TEST, SH, SYSTEM
CREATE EVALUATION CONTEXT: GSMCATUSER(*), IX(*), MDSYS(*), O12TEST,
SYSRAC(*), SYSTEM(*)
CREATE EXTERNAL JOB: GSMADMIN_INTERNAL, O12TEST(*), SYSTEM(*)
CREATE HIERARCHY: O12TEST, SYSTEM
CREATE INDEXTYPE: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE,
OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE JOB: CTXSYS, DBSNMP, GSMADMIN_INTERNAL, MDSYS, O12TEST(*), OLAPSYS,
ORACLE_OCM, SYSTEM(*), XDB
CREATE LIBRARY: GSMADMIN_INTERNAL, MDSYS, O12TEST, SPATIAL_CSW_ADMIN_USR,
SYSTEM, XDB
CREATE LOCKDOWN PROFILE: O12TEST, SYSTEM
CREATE MATERIALIZED VIEW: O12TEST, OE, SH, SYSTEM
CREATE MEASURE FOLDER: O12TEST, SYSTEM
CREATE MINING MODEL: O12TEST, SYSTEM
CREATE OPERATOR: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE,
OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE PLUGGABLE DATABASE: O12TEST, SYSTEM
CREATE PROCEDURE: BI, CTXSYS, DBSNMP, GGSYS, HR, IX, MDDATA, MDSYS,
O12TEST, OE, OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR,
SYSTEM, XDB
CREATE PROFILE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE PUBLIC DATABASE LINK: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE PUBLIC SYNONYM: CTXSYS, GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM,
XDB
CREATE ROLE: GSMADMIN_INTERNAL, O12TEST, SPATIAL_CSW_ADMIN_USR, SYSTEM
CREATE ROLLBACK SEGMENT: GSMADMIN_INTERNAL, O12TEST, SYSTEM
CREATE RULE: GSMCATUSER(*), IX(*), MDSYS(*), O12TEST, SYSRAC(*), SYSTEM(*)
CREATE RULE SET: GSMCATUSER(*), IX(*), MDSYS(*), O12TEST, SYSRAC(*),
SYSTEM(*)
CREATE SEQUENCE: BI, CTXSYS, GGSYS, GSMADMIN_INTERNAL, HR, IX, MDDATA,
MDSYS, O12TEST, OE, OJVMSYS, OLAPSYS, OUTLN, PM, SCOTT, SH,
SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE SESSION: ANONYMOUS, APPQOSSYS, BI, CTXSYS, DBSFWUSER, DBSNMP, DIP,
GGSYS, GSMADMIN_INTERNAL, GSMCATUSER, GSMUSER, HR, IX, MDDATA, MDSYS,
O12TEST, OE, OUTLN, PM, SCOTT(*), SH, SPATIAL_CSW_ADMIN_USR, SYS$UMF,
SYSTEM, XDB
CREATE SQL TRANSLATION PROFILE: O12TEST, SYSTEM
CREATE SYNONYM: BI, CTXSYS, HR, IX, O12TEST, OE, SH, SYSTEM
CREATE TABLE: AUDSYS, BI, CTXSYS, DBSNMP, GGSYS, GSMADMIN_INTERNAL, HR, IX,
MDDATA, MDSYS, O12TEST, OE, OJVMSYS, OUTLN, PM, SCOTT, SH,
SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE TABLESPACE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM
CREATE TRIGGER: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE,
OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE TYPE: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE,
OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
CREATE USER: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
CREATE VIEW: BI, CTXSYS, HR, IX, MDSYS, O12TEST, OE, SCOTT, SH, SYSTEM, XDB
DEBUG ANY PROCEDURE: O12TEST, SYSTEM
DEBUG CONNECT ANY: O12TEST, SYSTEM
DEBUG CONNECT SESSION: O12TEST, SYSTEM
DELETE ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
DELETE ANY MEASURE FOLDER: O12TEST, OLAPSYS, SYSTEM
DELETE ANY TABLE: GSMADMIN_INTERNAL, MDSYS, O12TEST, OLAPSYS, SYSTEM, WMSYS
DEQUEUE ANY QUEUE: GSMCATUSER(*), IX(*), MDSYS(*), O12TEST, SYSRAC(*),
SYSTEM(*)
DROP ANY ANALYTIC VIEW: O12TEST, SYSTEM
DROP ANY ASSEMBLY: O12TEST, SYSTEM
DROP ANY ATTRIBUTE DIMENSION: O12TEST, SYSTEM
DROP ANY CLUSTER: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY CONTEXT: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY CUBE: O12TEST, OLAPSYS, SYSTEM
DROP ANY CUBE BUILD PROCESS: O12TEST, OLAPSYS, SYSTEM
DROP ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
DROP ANY DIMENSION: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY DIRECTORY: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY EDITION: O12TEST, SYSTEM
DROP ANY EVALUATION CONTEXT: O12TEST, SYSTEM
DROP ANY HIERARCHY: O12TEST, SYSTEM
DROP ANY INDEX: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
DROP ANY INDEXTYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY LIBRARY: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY MATERIALIZED VIEW: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM
DROP ANY MEASURE FOLDER: O12TEST, OLAPSYS, SYSTEM
DROP ANY MINING MODEL: O12TEST, SYSTEM
DROP ANY OPERATOR: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY OUTLINE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY PROCEDURE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
DROP ANY ROLE: GSMADMIN_INTERNAL, O12TEST, SPATIAL_CSW_ADMIN_USR, SYSTEM
DROP ANY RULE: O12TEST, SYSTEM
DROP ANY RULE SET: O12TEST, SYSTEM
DROP ANY SEQUENCE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM, WMSYS
DROP ANY SQL PROFILE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY SQL TRANSLATION PROFILE: O12TEST, SYSTEM
DROP ANY SYNONYM: GSMADMIN_INTERNAL, GSMUSER, O12TEST, SYSTEM
DROP ANY TABLE: GSMADMIN_INTERNAL, GSMUSER, O12TEST, OLAPSYS, SYSTEM, WMSYS
DROP ANY TRIGGER: GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM, WMSYS
DROP ANY TYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP ANY VIEW: GSMADMIN_INTERNAL, GSMUSER, O12TEST, OLAPSYS, SYSTEM, WMSYS
DROP LOCKDOWN PROFILE: O12TEST, SYSTEM
DROP PROFILE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP PUBLIC DATABASE LINK: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP PUBLIC SYNONYM: CTXSYS, GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM, XDB
DROP ROLLBACK SEGMENT: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DROP TABLESPACE: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSTEM
DROP USER: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
EM EXPRESS CONNECT: O12TEST, SYSTEM
ENQUEUE ANY QUEUE: GSMCATUSER(*), IX(*), MDSYS(*), O12TEST, SYSRAC(*),
SYSTEM(*)
EXECUTE ANY ASSEMBLY: O12TEST, SYSTEM
EXECUTE ANY CLASS: O12TEST(*), SYSTEM(*)
EXECUTE ANY EVALUATION CONTEXT: O12TEST, SYSTEM
EXECUTE ANY INDEXTYPE: O12TEST, SYSTEM
EXECUTE ANY LIBRARY: O12TEST, SYSTEM
EXECUTE ANY OPERATOR: GSMADMIN_INTERNAL, O12TEST, SYSTEM
EXECUTE ANY PROCEDURE: GSMADMIN_INTERNAL, O12TEST, OUTLN, SYSTEM, WMSYS
EXECUTE ANY PROGRAM: O12TEST(*), SYSTEM(*)
EXECUTE ANY RULE: O12TEST, SYSTEM
EXECUTE ANY RULE SET: O12TEST, SYSTEM
EXECUTE ANY TYPE: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
EXECUTE ASSEMBLY: O12TEST, SYSTEM
EXEMPT ACCESS POLICY: MDSYS
EXEMPT DDL REDACTION POLICY: O12TEST, SYSTEM
EXEMPT DML REDACTION POLICY: O12TEST, SYSTEM
EXEMPT REDACTION POLICY: GSMADMIN_INTERNAL, O12TEST, SYSTEM
EXPORT FULL DATABASE: O12TEST, SYSTEM
FLASHBACK ANY TABLE: GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM
FLASHBACK ARCHIVE ADMINISTER: O12TEST, SCOTT, SYSTEM
FORCE ANY TRANSACTION: O12TEST, SYSTEM
FORCE TRANSACTION: O12TEST, SYSTEM
GLOBAL QUERY REWRITE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
GRANT ANY OBJECT PRIVILEGE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
GRANT ANY PRIVILEGE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
GRANT ANY ROLE: GSMADMIN_INTERNAL, O12TEST, SPATIAL_CSW_ADMIN_USR, SYSTEM
IMPORT FULL DATABASE: O12TEST, SYSTEM
INHERIT ANY PRIVILEGES: CTXSYS, DBSNMP, GSMADMIN_INTERNAL, MDSYS,
ORACLE_OCM, ORDPLUGINS, ORDSYS, WMSYS, XDB
INSERT ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
INSERT ANY MEASURE FOLDER: O12TEST, OLAPSYS, SYSTEM
INSERT ANY TABLE: GSMADMIN_INTERNAL, O12TEST, OLAPSYS, SYSTEM, WMSYS
LOCK ANY TABLE: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
LOGMINING: O12TEST, SYSTEM
MANAGE ANY FILE GROUP: O12TEST, SYSTEM
MANAGE ANY QUEUE: DBSNMP, GSMADMIN_INTERNAL, GSMCATUSER(*), IX(*),
MDSYS(*), O12TEST, SYSRAC(*), SYSTEM(*)
MANAGE FILE GROUP: O12TEST, SYSTEM
MANAGE SCHEDULER: CTXSYS, GSMADMIN_INTERNAL, MDSYS, O12TEST(*), SYSTEM(*)
MANAGE TABLESPACE: O12TEST, SYSTEM
MERGE ANY VIEW: O12TEST, SYSTEM
ON COMMIT REFRESH: O12TEST, SYSTEM
QUERY REWRITE: O12TEST, OE, SH, SYSTEM, XDB
READ ANY FILE GROUP: GSMADMIN_INTERNAL, O12TEST, SYSTEM
READ ANY TABLE: O12TEST, SYSTEM
REDEFINE ANY TABLE: O12TEST, SYSTEM
RESTRICTED SESSION: O12TEST, SYSTEM
RESUMABLE: GSMADMIN_INTERNAL, O12TEST, SYSBACKUP, SYSTEM
SELECT ANY CUBE: O12TEST, OLAPSYS, SYSTEM
SELECT ANY CUBE BUILD PROCESS: O12TEST, SYSTEM
SELECT ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
SELECT ANY DICTIONARY: DBSNMP, GGSYS, GSMADMIN_INTERNAL, IX, O12TEST,
SCOTT, SYSBACKUP, SYSDG, SYSTEM, WMSYS
SELECT ANY MEASURE FOLDER: O12TEST, SYSTEM
SELECT ANY MINING MODEL: O12TEST, SYSTEM
SELECT ANY SEQUENCE: GSMADMIN_INTERNAL, O12TEST, SYSTEM, WMSYS
SELECT ANY TABLE: GGSYS, GSMADMIN_INTERNAL, MDSYS, O12TEST, OLAPSYS, SCOTT,
SYSTEM, WMSYS
SELECT ANY TRANSACTION: O12TEST, SYSBACKUP, SYSTEM
SET CONTAINER: CTXSYS, DBSNMP, GGSYS, GSMCATUSER, GSMUSER, IX, MDDATA,
MDSYS, O12TEST, OUTLN, PM, SCOTT, SPATIAL_CSW_ADMIN_USR, SYSTEM, XDB
UNDER ANY TABLE: O12TEST, SYSTEM
UNDER ANY TYPE: O12TEST, SYSTEM
UNDER ANY VIEW: O12TEST, SYSTEM
UNLIMITED TABLESPACE: BI, CTXSYS, DBSFWUSER, DBSNMP, GGSYS, GSMADMIN_INTERNAL, GSMUSER, HR, IX, MDSYS, O12TEST, OE, OJVMSYS, ORDDATA, ORDSYS, OUTLN, PM, SCOTT, SH, SI_INFORMTN_SCHEMA, SYSBACKUP, SYSTEM, WMSYS, XDB
UPDATE ANY CUBE: O12TEST, OLAPSYS, SYSTEM
UPDATE ANY CUBE BUILD PROCESS: O12TEST, OLAPSYS, SYSTEM
UPDATE ANY CUBE DIMENSION: O12TEST, OLAPSYS, SYSTEM
UPDATE ANY TABLE: GSMADMIN_INTERNAL, MDSYS, O12TEST, OLAPSYS, SYSTEM, WMSYS
USE ANY JOB RESOURCE: O12TEST, SYSTEM
USE ANY SQL TRANSLATION PROFILE: O12TEST, SYSTEM
(*) = granted with admin option
| ||
| Remarks | System privileges provide the ability to access data or perform administrative operations for the entire database. Consistent with the principle of least privilege, these privileges should be granted sparingly. The Privilege Analysis feature of Database Vault may be helpful to determine the minimum set of privileges required by a user or role. In some cases, it may be possible to substitute a more limited object privilege grant in place of a system privilege grant that applies to all objects. System privileges should be granted with admin option only when the recipient needs the ability to grant the privilege to others. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.7 | ||
| PRIV.ROLES | CIS | ||
| Status | Evaluate | ||
| Summary | 125 grants of roles. | ||
| Details |
Users directly or indirectly granted each role:
AQ_ADMINISTRATOR_ROLE: GSMCATUSER, IX, MDSYS, SYSRAC, SYSTEM
AQ_USER_ROLE: IX
CAPTURE_ADMIN: O12TEST, SYSTEM
CDB_DBA: DBSNMP
CONNECT: GGSYS, GSMCATUSER, GSMUSER, IX, MDDATA, MDSYS, PM, SCOTT, SPATIAL_CSW_ADMIN_USR
CTXAPP: CTXSYS, MDSYS, XDB
DATAPUMP_EXP_FULL_DATABASE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DATAPUMP_IMP_FULL_DATABASE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
DBA: O12TEST, SYSTEM
DBFS_ROLE: XDB
EM_EXPRESS_ALL: O12TEST, SYSTEM
EM_EXPRESS_BASIC: O12TEST, SYSTEM
EXECUTE_CATALOG_ROLE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
EXP_FULL_DATABASE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
GATHER_SYSTEM_STATISTICS: O12TEST, SYSTEM
GSMADMIN_ROLE: GSMCATUSER
GSMUSER_ROLE: GSMUSER
GSM_POOLADMIN_ROLE: GSMCATUSER
HS_ADMIN_EXECUTE_ROLE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
HS_ADMIN_SELECT_ROLE: DBSNMP, GSMADMIN_INTERNAL, IX, O12TEST, SH, SYS$UMF, SYSBACKUP, SYSTEM
IMP_FULL_DATABASE: GSMADMIN_INTERNAL, O12TEST, SYSTEM
JAVAUSERPRIV: ORDSYS
JAVA_ADMIN: O12TEST, SYSTEM
JAVA_DEPLOY: O12TEST, SYSTEM
OEM_MONITOR: DBSNMP
OLAP_DBA: O12TEST, OLAPSYS, SYSTEM
OLAP_XS_ADMIN: O12TEST, SYSTEM
OPTIMIZER_PROCESSING_RATE: O12TEST, SYSTEM
RECOVERY_CATALOG_OWNER: (none)
RECOVERY_CATALOG_USER: (none)
RESOURCE: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, XDB
SCHEDULER_ADMIN: O12TEST, SYSTEM
SELECT_CATALOG_ROLE: DBSNMP, GSMADMIN_INTERNAL, IX, O12TEST, SH, SYS$UMF, SYSBACKUP, SYSTEM
SODA_APP: BI, CTXSYS, GGSYS, HR, IX, MDDATA, MDSYS, O12TEST, OE, OJVMSYS, OUTLN, PM, SCOTT, SH, SPATIAL_CSW_ADMIN_USR, XDB
SPATIAL_CSW_ADMIN: SPATIAL_CSW_ADMIN_USR
SYSUMF_ROLE: SYS$UMF
WM_ADMIN_ROLE: O12TEST, SYSTEM, WMSYS
XDBADMIN: GSMCATUSER, O12TEST, OE, SYSTEM
XDB_SET_INVOKER: O12TEST, SYSTEM
| ||
| Remarks | Roles are a convenient way to manage groups of related privileges, especially when the privileges are required for a particular task or job function. Beware of broadly defined roles, which may confer more privileges than an individual recipient requires. Roles should be granted with admin option only when the recipient needs the ability to modify the role or grant it to others. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.4.1 | ||
| PRIV.ACCT | |||
| Status | Evaluate | ||
| Summary | 34 grants of account management privileges. | ||
| Details |
Grants of ALTER USER, CREATE USER, DROP USER:
GSMADMIN_INTERNAL: ALTER USER
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: ALTER USER
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
O12TEST <- DBA: ALTER USER, CREATE USER, DROP USER
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER USER
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
O12TEST <- DBA <- EM_EXPRESS_ALL: ALTER USER, CREATE USER, DROP USER
O12TEST <- DBA <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
SYSTEM <- DBA: ALTER USER, CREATE USER, DROP USER
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER USER
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
SYSTEM <- DBA <- EM_EXPRESS_ALL: ALTER USER, CREATE USER, DROP USER
SYSTEM <- DBA <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
WMSYS: ALTER USER, CREATE USER, DROP USER
| ||
| Remarks | User management privileges (ALTER USER, CREATE USER, DROP USER) can be used to create and modify other user accounts, including changing passwords. This power can be abused to gain access to another user's account, which may have greater privileges. | ||
| PRIV.MGMT | CIS | ||
| Status | Evaluate | ||
| Summary | 64 grants of privilege management privileges. | ||
| Details |
Grants of ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE:
GSMADMIN_INTERNAL: GRANT ANY PRIVILEGE, GRANT ANY ROLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
O12TEST <- DBA: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
O12TEST <- DBA <- EM_EXPRESS_ALL: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
O12TEST <- DBA <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SPATIAL_CSW_ADMIN_USR: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY ROLE
SYSTEM <- DBA: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- EM_EXPRESS_ALL: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
| ||
| Remarks | Users with privilege management privileges (ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE) can change the set of privileges granted to themselves and other users. This ability should be granted sparingly, since it can be used to circumvent many security controls in the database. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.3.10, 4.3.11, 4.3.12 | ||
| PRIV.DBMGMT | CIS | ||
| Status | Evaluate | ||
| Summary | 35 grants of database management privilege. | ||
| Details |
Grants of ALTER DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE LIBRARY:
GSMADMIN_INTERNAL: ALTER SYSTEM, CREATE LIBRARY
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: ALTER DATABASE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER DATABASE, CREATE ANY LIBRARY
GSMCATUSER <- GSMADMIN_ROLE: ALTER SYSTEM
MDSYS: CREATE LIBRARY
O12TEST <- DBA: ALTER DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE LIBRARY
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER DATABASE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER DATABASE, CREATE ANY LIBRARY
O12TEST <- DBA <- EM_EXPRESS_ALL: ALTER SYSTEM
O12TEST <- DBA <- IMP_FULL_DATABASE: ALTER DATABASE, CREATE ANY LIBRARY
SPATIAL_CSW_ADMIN_USR: CREATE LIBRARY
SYSBACKUP: ALTER DATABASE, ALTER SYSTEM
SYSDG: ALTER DATABASE, ALTER SYSTEM
SYSRAC: ALTER DATABASE, ALTER SYSTEM
SYSTEM <- DBA: ALTER DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE LIBRARY
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER DATABASE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER DATABASE, CREATE ANY LIBRARY
SYSTEM <- DBA <- EM_EXPRESS_ALL: ALTER SYSTEM
SYSTEM <- DBA <- IMP_FULL_DATABASE: ALTER DATABASE, CREATE ANY LIBRARY
XDB: CREATE LIBRARY
| ||
| Remarks | Database management privileges (ALTER DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE LIBRARY) can be used to change the operation of the database and potentially bypass security protections. This ability should be granted only to trusted administrators. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.3.7, 4.3.8, 4.3.9 | ||
| PRIV.AUDIT | CIS | ||
| Status | Evaluate | ||
| Summary | 23 grants of audit privilege. | ||
| Details |
Grants of AUDIT ANY, AUDIT SYSTEM:
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
O12TEST <- DBA: AUDIT ANY, AUDIT SYSTEM
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
O12TEST <- DBA <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSBACKUP: AUDIT ANY
SYSTEM <- DBA: AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
(no users) <- AUDIT_ADMIN: AUDIT ANY, AUDIT SYSTEM
| ||
| Remarks | Audit management privileges (AUDIT ANY, AUDIT SYSTEM) can be used to change the audit policies for the database. This ability should be granted sparingly, since it may be used to hide malicious activity. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.3.3 | ||
| PRIV.DATA | CIS | ||
| Status | Evaluate | ||
| Summary | 126 grants of data access privileges. | ||
| Details |
Grants of ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE:
DBSNMP: SELECT ANY DICTIONARY
DBSNMP <- OEM_MONITOR: SELECT ANY DICTIONARY
GGSYS: ALTER ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE
GSMADMIN_INTERNAL: ALTER ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE
GSMADMIN_INTERNAL <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
GSMUSER: ALTER ANY TABLE, CREATE ANY INDEX, CREATE ANY PROCEDURE
IX: SELECT ANY DICTIONARY
MDSYS: ALTER ANY TABLE, CREATE ANY TRIGGER, DELETE ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
O12TEST: SELECT ANY DICTIONARY
O12TEST <- DBA: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE
O12TEST <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
O12TEST <- DBA <- EXP_FULL_DATABASE: SELECT ANY TABLE
O12TEST <- DBA <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
O12TEST <- DBA <- OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
OLAPSYS <- OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
SCOTT: SELECT ANY DICTIONARY, SELECT ANY TABLE
SYSBACKUP: SELECT ANY DICTIONARY
SYSDG: SELECT ANY DICTIONARY
SYSTEM: SELECT ANY TABLE
SYSTEM <- DBA: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: SELECT ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
SYSTEM <- DBA <- EXP_FULL_DATABASE: SELECT ANY TABLE
SYSTEM <- DBA <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
SYSTEM <- DBA <- OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
WMSYS: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE
| ||
| Remarks | Users with data access privileges (ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE) can override various access controls on data. Most administrative tasks do not require access to the data itself, so these privileges should be granted rarely even to administrators. In addition to minimizing grants of these privileges, consider the use of Database Vault realms to limit the use of these privileges to access sensitive data. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.3.1, 4.3.2 | ||
| PRIV.EXEMPT | CIS | ||
| Status | Evaluate | ||
| Summary | 9 grants of access control exemption privileges. | ||
| Details |
Grants of EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY:
GSMADMIN_INTERNAL <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
MDSYS: EXEMPT ACCESS POLICY
O12TEST <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
O12TEST <- DBA <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
SYSTEM <- DBA <- EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
| ||
| Remarks | Users with exemption privileges (EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY) can bypass the access control policies created using Virtual Private Database and Data Redaction. Most administrative tasks do not require access to the data itself, so these privileges should be granted rarely even to administrators. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.3.4 | ||
| PRIV.PASSWD | CIS | ||
| Status | Pass | ||
| Summary | No grants of object privileges on restricted objects. | ||
| Remarks | Users with these privileges can access objects that contain user password verifiers. The verifiers can be used in offline attacks to discover user passwords. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.6 | ||
| PRIV.OBJ | |||
| Status | Evaluate | ||
| Summary | 746 grants of object privileges on restricted objects. | ||
| Details |
Grants of DELETE, INSERT, UPDATE on SYS, DVSYS, or LBACSYS objects:
GGSYS: DELETE on SYS.DDL_REQUESTS, DELETE on SYS.DDL_REQUESTS_PWD, INSERT
on SYS.DDL_REQUESTS, INSERT on SYS.DDL_REQUESTS_PWD, UPDATE on
SYS.DDL_REQUESTS, UPDATE on SYS.DDL_REQUESTS_PWD
GSMADMIN_INTERNAL: DELETE on SYS.DDL_REQUESTS, DELETE on
SYS.DDL_REQUESTS_PWD, INSERT on SYS.DDL_REQUESTS, INSERT on
SYS.DDL_REQUESTS_PWD, UPDATE on SYS.DDL_REQUESTS, UPDATE on
SYS.DDL_REQUESTS_PWD
GSMADMIN_INTERNAL <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on
SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on
SYS.EXPIMP_TTS_CT$
O12TEST <- DBA: INSERT on SYS.XSDB$SCHEMA_ACL, UPDATE on
SYS.XSDB$SCHEMA_ACL
O12TEST <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on
SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on
SYS.EXPIMP_TTS_CT$
O12TEST <- DBA <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on
SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on
SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on
SYS.INCFIL, UPDATE on SYS.INCVID
O12TEST <- DBA <- GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$,
DELETE on SYS.WRI$_OPTSTAT_AUX_HISTORY, INSERT on SYS.AUX_STATS$,
INSERT on SYS.WRI$_OPTSTAT_AUX_HISTORY, UPDATE on SYS.AUX_STATS$,
UPDATE on SYS.WRI$_OPTSTAT_AUX_HISTORY
O12TEST <- DBA <- IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$,
DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on
SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$
O12TEST <- DBA <- OPTIMIZER_PROCESSING_RATE: DELETE on
SYS.OPT_CALIBRATION_STATS$, INSERT on SYS.OPT_CALIBRATION_STATS$,
UPDATE on SYS.OPT_CALIBRATION_STATS$
ORDSYS: DELETE on SYS.EXPDEPACT$, DELETE on SYS.EXPDEPOBJ$, DELETE on
SYS.EXPPKGACT$, DELETE on SYS.EXPPKGOBJ$, INSERT on SYS.EXPDEPACT$,
INSERT on SYS.EXPDEPOBJ$, INSERT on SYS.EXPPKGACT$, INSERT on
SYS.EXPPKGOBJ$
SYS$UMF <- SYSUMF_ROLE: DELETE on SYS.UMF$_LINK, DELETE on
SYS.UMF$_REGISTRATION, DELETE on SYS.UMF$_SERVICE, DELETE on
SYS.UMF$_TOPOLOGY, DELETE on SYS.WRH$_ACTIVE_SESSION_HISTORY, DELETE on
SYS.WRH$_ASM_BAD_DISK, DELETE on SYS.WRH$_ASM_DISKGROUP, DELETE on
SYS.WRH$_ASM_DISKGROUP_STAT, DELETE on SYS.WRH$_BG_EVENT_SUMMARY,
DELETE on SYS.WRH$_BUFFERED_QUEUES, DELETE on
SYS.WRH$_BUFFERED_SUBSCRIBERS, DELETE on
SYS.WRH$_BUFFER_POOL_STATISTICS, DELETE on SYS.WRH$_CELL_CONFIG, DELETE
on SYS.WRH$_CELL_CONFIG_DETAIL, DELETE on SYS.WRH$_CELL_DB, DELETE on
SYS.WRH$_CELL_DISK_SUMMARY, DELETE on SYS.WRH$_CELL_GLOBAL, DELETE on
SYS.WRH$_CELL_GLOBAL_SUMMARY, DELETE on SYS.WRH$_CELL_IOREASON, DELETE
on SYS.WRH$_CELL_IOREASON_NAME, DELETE on SYS.WRH$_CELL_METRIC_DESC,
DELETE on SYS.WRH$_CELL_OPEN_ALERTS, DELETE on SYS.WRH$_CHANNEL_WAITS,
DELETE on SYS.WRH$_CLUSTER_INTERCON, DELETE on SYS.WRH$_COMP_IOSTAT,
DELETE on SYS.WRH$_CON_SYSMETRIC_HISTORY, DELETE on
SYS.WRH$_CON_SYSMETRIC_SUMMARY, DELETE on SYS.WRH$_CON_SYSSTAT, DELETE
on SYS.WRH$_CON_SYSTEM_EVENT, DELETE on SYS.WRH$_CON_SYS_TIME_MODEL,
DELETE on SYS.WRH$_CR_BLOCK_SERVER, DELETE on
SYS.WRH$_CURRENT_BLOCK_SERVER, DELETE on SYS.WRH$_DATAFILE, DELETE on
SYS.WRH$_DB_CACHE_ADVICE, DELETE on SYS.WRH$_DISPATCHER, DELETE on
SYS.WRH$_DLM_MISC, DELETE on SYS.WRH$_DYN_REMASTER_STATS, DELETE on
SYS.WRH$_ENQUEUE_STAT, DELETE on SYS.WRH$_EVENT_HISTOGRAM, DELETE on
SYS.WRH$_EVENT_NAME, DELETE on SYS.WRH$_FILEMETRIC_HISTORY, DELETE on
SYS.WRH$_FILESTATXS, DELETE on SYS.WRH$_IC_CLIENT_STATS, DELETE on
SYS.WRH$_IC_DEVICE_STATS, DELETE on SYS.WRH$_IM_SEG_STAT, DELETE on
SYS.WRH$_IM_SEG_STAT_OBJ, DELETE on SYS.WRH$_INSTANCE_RECOVERY, DELETE
on SYS.WRH$_INST_CACHE_TRANSFER, DELETE on SYS.WRH$_INTERCONNECT_PINGS,
DELETE on SYS.WRH$_IOSTAT_DETAIL, DELETE on SYS.WRH$_IOSTAT_FILETYPE,
DELETE on SYS.WRH$_IOSTAT_FILETYPE_NAME, DELETE on
SYS.WRH$_IOSTAT_FUNCTION, DELETE on SYS.WRH$_IOSTAT_FUNCTION_NAME,
DELETE on SYS.WRH$_JAVA_POOL_ADVICE, DELETE on SYS.WRH$_LATCH, DELETE
on SYS.WRH$_LATCH_CHILDREN, DELETE on SYS.WRH$_LATCH_MISSES_SUMMARY,
DELETE on SYS.WRH$_LATCH_NAME, DELETE on SYS.WRH$_LATCH_PARENT, DELETE
on SYS.WRH$_LIBRARYCACHE, DELETE on SYS.WRH$_LMS_STATS, DELETE on
SYS.WRH$_LOG, DELETE on SYS.WRH$_MEMORY_RESIZE_OPS, DELETE on
SYS.WRH$_MEMORY_TARGET_ADVICE, DELETE on SYS.WRH$_MEM_DYNAMIC_COMP,
DELETE on SYS.WRH$_METRIC_NAME, DELETE on SYS.WRH$_MTTR_TARGET_ADVICE,
DELETE on SYS.WRH$_MUTEX_SLEEP, DELETE on SYS.WRH$_MVPARAMETER, DELETE
on SYS.WRH$_OPTIMIZER_ENV, DELETE on SYS.WRH$_OSSTAT, DELETE on
SYS.WRH$_OSSTAT_NAME, DELETE on SYS.WRH$_PARAMETER, DELETE on
SYS.WRH$_PARAMETER_NAME, DELETE on SYS.WRH$_PERSISTENT_QMN_CACHE,
DELETE on SYS.WRH$_PERSISTENT_QUEUES, DELETE on
SYS.WRH$_PERSISTENT_SUBSCRIBERS, DELETE on SYS.WRH$_PGASTAT, DELETE on
SYS.WRH$_PGA_TARGET_ADVICE, DELETE on SYS.WRH$_PLAN_OPERATION_NAME,
DELETE on SYS.WRH$_PLAN_OPTION_NAME, DELETE on
SYS.WRH$_PROCESS_MEMORY_SUMMARY, DELETE on SYS.WRH$_RECOVERY_PROGRESS,
DELETE on SYS.WRH$_REPLICATION_TBL_STATS, DELETE on
SYS.WRH$_REPLICATION_TXN_STATS, DELETE on SYS.WRH$_RESOURCE_LIMIT,
DELETE on SYS.WRH$_ROWCACHE_SUMMARY, DELETE on
SYS.WRH$_RSRC_CONSUMER_GROUP, DELETE on SYS.WRH$_RSRC_METRIC, DELETE on
SYS.WRH$_RSRC_PDB_METRIC, DELETE on SYS.WRH$_RSRC_PLAN, DELETE on
SYS.WRH$_RULE_SET, DELETE on SYS.WRH$_SEG_STAT, DELETE on
SYS.WRH$_SEG_STAT_OBJ, DELETE on SYS.WRH$_SERVICE_NAME, DELETE on
SYS.WRH$_SERVICE_STAT, DELETE on SYS.WRH$_SERVICE_WAIT_CLASS, DELETE on
SYS.WRH$_SESSMETRIC_HISTORY, DELETE on SYS.WRH$_SESS_SGA_STATS, DELETE
on SYS.WRH$_SESS_TIME_STATS, DELETE on SYS.WRH$_SGA, DELETE on
SYS.WRH$_SGASTAT, DELETE on SYS.WRH$_SGA_TARGET_ADVICE, DELETE on
SYS.WRH$_SHARED_POOL_ADVICE, DELETE on SYS.WRH$_SHARED_SERVER_SUMMARY,
DELETE on SYS.WRH$_SQLCOMMAND_NAME, DELETE on SYS.WRH$_SQLSTAT, DELETE
on SYS.WRH$_SQLTEXT, DELETE on SYS.WRH$_SQL_BIND_METADATA, DELETE on
SYS.WRH$_SQL_PLAN, DELETE on SYS.WRH$_SQL_SUMMARY, DELETE on
SYS.WRH$_SQL_WORKAREA_HISTOGRAM, DELETE on SYS.WRH$_STAT_NAME, DELETE
on SYS.WRH$_STREAMS_APPLY_SUM, DELETE on SYS.WRH$_STREAMS_CAPTURE,
DELETE on SYS.WRH$_STREAMS_POOL_ADVICE, DELETE on
SYS.WRH$_SYSMETRIC_HISTORY, DELETE on SYS.WRH$_SYSMETRIC_SUMMARY,
DELETE on SYS.WRH$_SYSSTAT, DELETE on SYS.WRH$_SYSTEM_EVENT, DELETE on
SYS.WRH$_SYS_TIME_MODEL, DELETE on SYS.WRH$_TABLESPACE, DELETE on
SYS.WRH$_TABLESPACE_SPACE_USAGE, DELETE on SYS.WRH$_TABLESPACE_STAT,
DELETE on SYS.WRH$_TEMPFILE, DELETE on SYS.WRH$_TEMPSTATXS, DELETE on
SYS.WRH$_THREAD, DELETE on SYS.WRH$_TOPLEVELCALL_NAME, DELETE on
SYS.WRH$_UNDOSTAT, DELETE on SYS.WRH$_WAITCLASSMETRIC_HISTORY, DELETE
on SYS.WRH$_WAITSTAT, DELETE on SYS.WRHS$_CELL_IOREASON_NAME, DELETE on
SYS.WRHS$_CELL_METRIC_DESC, DELETE on SYS.WRHS$_DATAFILE, DELETE on
SYS.WRHS$_EVENT_NAME, DELETE on SYS.WRHS$_IM_SEG_STAT_OBJ, DELETE on
SYS.WRHS$_IOSTAT_FILETYPE_NAME, DELETE on
SYS.WRHS$_IOSTAT_FUNCTION_NAME, DELETE on SYS.WRHS$_LATCH_NAME, DELETE
on SYS.WRHS$_METRIC_NAME, DELETE on SYS.WRHS$_OPTIMIZER_ENV, DELETE on
SYS.WRHS$_OSSTAT_NAME, DELETE on SYS.WRHS$_PARAMETER_NAME, DELETE on
SYS.WRHS$_PLAN_OPERATION_NAME, DELETE on SYS.WRHS$_PLAN_OPTION_NAME,
DELETE on SYS.WRHS$_SEG_STAT_OBJ, DELETE on SYS.WRHS$_SERVICE_NAME,
DELETE on SYS.WRHS$_SQLCOMMAND_NAME, DELETE on SYS.WRHS$_SQLTEXT,
DELETE on SYS.WRHS$_SQL_BIND_METADATA, DELETE on SYS.WRHS$_SQL_PLAN,
DELETE on SYS.WRHS$_STAT_NAME, DELETE on SYS.WRHS$_TABLESPACE, DELETE
on SYS.WRHS$_TEMPFILE, DELETE on SYS.WRHS$_TOPLEVELCALL_NAME, DELETE on
SYS.WRI$_ADV_ACTIONS, DELETE on SYS.WRI$_ADV_DEF_PARAMETERS, DELETE on
SYS.WRI$_ADV_DIRECTIVE_DEFS, DELETE on
SYS.WRI$_ADV_DIRECTIVE_INSTANCES, DELETE on SYS.WRI$_ADV_EXECUTIONS,
DELETE on SYS.WRI$_ADV_EXEC_PARAMETERS, DELETE on
SYS.WRI$_ADV_FINDINGS, DELETE on SYS.WRI$_ADV_INST_FDG, DELETE on
SYS.WRI$_ADV_JOURNAL, DELETE on SYS.WRI$_ADV_MESSAGE_GROUPS, DELETE on
SYS.WRI$_ADV_OBJECTS, DELETE on SYS.WRI$_ADV_PARAMETERS, DELETE on
SYS.WRI$_ADV_RATIONALE, DELETE on SYS.WRI$_ADV_RECOMMENDATIONS, DELETE
on SYS.WRI$_ADV_REC_ACTIONS, DELETE on SYS.WRI$_ADV_SQLT_BINDS, DELETE
on SYS.WRI$_ADV_SQLT_PLANS, DELETE on SYS.WRI$_ADV_SQLT_PLAN_HASH,
DELETE on SYS.WRI$_ADV_SQLT_PLAN_STATS, DELETE on
SYS.WRI$_ADV_SQLT_RTN_PLAN, DELETE on SYS.WRI$_ADV_SQLT_STATISTICS,
DELETE on SYS.WRI$_ADV_TASKS, DELETE on SYS.WRI$_ADV_USAGE, DELETE on
SYS.WRI$_ALERT_HISTORY, DELETE on SYS.WRI$_OPTSTAT_OPR, DELETE on
SYS.WRI$_SEGADV_CNTRLTAB, DELETE on SYS.WRI$_SEGADV_OBJLIST, DELETE on
SYS.WRI$_SQLSET_DEFINITIONS, DELETE on SYS.WRI$_SQLSET_REFERENCES,
DELETE on SYS.WRI$_SQLTEXT_REFCOUNT, DELETE on SYS.WRM$_ACTIVE_PDBS,
DELETE on SYS.WRM$_BASELINE, DELETE on SYS.WRM$_BASELINE_DETAILS,
DELETE on SYS.WRM$_BASELINE_TEMPLATE, DELETE on SYS.WRM$_COLORED_SQL,
DELETE on SYS.WRM$_DATABASE_INSTANCE, DELETE on SYS.WRM$_PDB_INSTANCE,
DELETE on SYS.WRM$_PDB_IN_SNAP, DELETE on SYS.WRM$_SNAPSHOT, DELETE on
SYS.WRM$_SNAPSHOT_DETAILS, DELETE on SYS.WRM$_SNAP_ERROR, DELETE on
SYS.WRM$_WR_CONTROL, DELETE on SYS.WRM$_WR_SETTINGS, DELETE on
SYS.WRM$_WR_USAGE, DELETE on SYS.WRMS$_SNAPSHOT, INSERT on
SYS.UMF$_LINK, INSERT on SYS.UMF$_REGISTRATION, INSERT on
SYS.UMF$_SERVICE, INSERT on SYS.UMF$_TOPOLOGY, INSERT on
SYS.WRH$_ACTIVE_SESSION_HISTORY, INSERT on SYS.WRH$_ASM_BAD_DISK,
INSERT on SYS.WRH$_ASM_DISKGROUP, INSERT on
SYS.WRH$_ASM_DISKGROUP_STAT, INSERT on SYS.WRH$_BG_EVENT_SUMMARY,
INSERT on SYS.WRH$_BUFFERED_QUEUES, INSERT on
SYS.WRH$_BUFFERED_SUBSCRIBERS, INSERT on
SYS.WRH$_BUFFER_POOL_STATISTICS, INSERT on SYS.WRH$_CELL_CONFIG, INSERT
on SYS.WRH$_CELL_CONFIG_DETAIL, INSERT on SYS.WRH$_CELL_DB, INSERT on
SYS.WRH$_CELL_DISK_SUMMARY, INSERT on SYS.WRH$_CELL_GLOBAL, INSERT on
SYS.WRH$_CELL_GLOBAL_SUMMARY, INSERT on SYS.WRH$_CELL_IOREASON, INSERT
on SYS.WRH$_CELL_IOREASON_NAME, INSERT on SYS.WRH$_CELL_METRIC_DESC,
INSERT on SYS.WRH$_CELL_OPEN_ALERTS, INSERT on SYS.WRH$_CHANNEL_WAITS,
INSERT on SYS.WRH$_CLUSTER_INTERCON, INSERT on SYS.WRH$_COMP_IOSTAT,
INSERT on SYS.WRH$_CON_SYSMETRIC_HISTORY, INSERT on
SYS.WRH$_CON_SYSMETRIC_SUMMARY, INSERT on SYS.WRH$_CON_SYSSTAT, INSERT
on SYS.WRH$_CON_SYSTEM_EVENT, INSERT on SYS.WRH$_CON_SYS_TIME_MODEL,
INSERT on SYS.WRH$_CR_BLOCK_SERVER, INSERT on
SYS.WRH$_CURRENT_BLOCK_SERVER, INSERT on SYS.WRH$_DATAFILE, INSERT on
SYS.WRH$_DB_CACHE_ADVICE, INSERT on SYS.WRH$_DISPATCHER, INSERT on
SYS.WRH$_DLM_MISC, INSERT on SYS.WRH$_DYN_REMASTER_STATS, INSERT on
SYS.WRH$_ENQUEUE_STAT, INSERT on SYS.WRH$_EVENT_HISTOGRAM, INSERT on
SYS.WRH$_EVENT_NAME, INSERT on SYS.WRH$_FILEMETRIC_HISTORY, INSERT on
SYS.WRH$_FILESTATXS, INSERT on SYS.WRH$_IC_CLIENT_STATS, INSERT on
SYS.WRH$_IC_DEVICE_STATS, INSERT on SYS.WRH$_IM_SEG_STAT, INSERT on
SYS.WRH$_IM_SEG_STAT_OBJ, INSERT on SYS.WRH$_INSTANCE_RECOVERY, INSERT
on SYS.WRH$_INST_CACHE_TRANSFER, INSERT on SYS.WRH$_INTERCONNECT_PINGS,
INSERT on SYS.WRH$_IOSTAT_DETAIL, INSERT on SYS.WRH$_IOSTAT_FILETYPE,
INSERT on SYS.WRH$_IOSTAT_FILETYPE_NAME, INSERT on
SYS.WRH$_IOSTAT_FUNCTION, INSERT on SYS.WRH$_IOSTAT_FUNCTION_NAME,
INSERT on SYS.WRH$_JAVA_POOL_ADVICE, INSERT on SYS.WRH$_LATCH, INSERT
on SYS.WRH$_LATCH_CHILDREN, INSERT on SYS.WRH$_LATCH_MISSES_SUMMARY,
INSERT on SYS.WRH$_LATCH_NAME, INSERT on SYS.WRH$_LATCH_PARENT, INSERT
on SYS.WRH$_LIBRARYCACHE, INSERT on SYS.WRH$_LMS_STATS, INSERT on
SYS.WRH$_LOG, INSERT on SYS.WRH$_MEMORY_RESIZE_OPS, INSERT on
SYS.WRH$_MEMORY_TARGET_ADVICE, INSERT on SYS.WRH$_MEM_DYNAMIC_COMP,
INSERT on SYS.WRH$_METRIC_NAME, INSERT on SYS.WRH$_MTTR_TARGET_ADVICE,
INSERT on SYS.WRH$_MUTEX_SLEEP, INSERT on SYS.WRH$_MVPARAMETER, INSERT
on SYS.WRH$_OPTIMIZER_ENV, INSERT on SYS.WRH$_OSSTAT, INSERT on
SYS.WRH$_OSSTAT_NAME, INSERT on SYS.WRH$_PARAMETER, INSERT on
SYS.WRH$_PARAMETER_NAME, INSERT on SYS.WRH$_PERSISTENT_QMN_CACHE,
INSERT on SYS.WRH$_PERSISTENT_QUEUES, INSERT on
SYS.WRH$_PERSISTENT_SUBSCRIBERS, INSERT on SYS.WRH$_PGASTAT, INSERT on
SYS.WRH$_PGA_TARGET_ADVICE, INSERT on SYS.WRH$_PLAN_OPERATION_NAME,
INSERT on SYS.WRH$_PLAN_OPTION_NAME, INSERT on
SYS.WRH$_PROCESS_MEMORY_SUMMARY, INSERT on SYS.WRH$_RECOVERY_PROGRESS,
INSERT on SYS.WRH$_REPLICATION_TBL_STATS, INSERT on
SYS.WRH$_REPLICATION_TXN_STATS, INSERT on SYS.WRH$_RESOURCE_LIMIT,
INSERT on SYS.WRH$_ROWCACHE_SUMMARY, INSERT on
SYS.WRH$_RSRC_CONSUMER_GROUP, INSERT on SYS.WRH$_RSRC_METRIC, INSERT on
SYS.WRH$_RSRC_PDB_METRIC, INSERT on SYS.WRH$_RSRC_PLAN, INSERT on
SYS.WRH$_RULE_SET, INSERT on SYS.WRH$_SEG_STAT, INSERT on
SYS.WRH$_SEG_STAT_OBJ, INSERT on SYS.WRH$_SERVICE_NAME, INSERT on
SYS.WRH$_SERVICE_STAT, INSERT on SYS.WRH$_SERVICE_WAIT_CLASS, INSERT on
SYS.WRH$_SESSMETRIC_HISTORY, INSERT on SYS.WRH$_SESS_SGA_STATS, INSERT
on SYS.WRH$_SESS_TIME_STATS, INSERT on SYS.WRH$_SGA, INSERT on
SYS.WRH$_SGASTAT, INSERT on SYS.WRH$_SGA_TARGET_ADVICE, INSERT on
SYS.WRH$_SHARED_POOL_ADVICE, INSERT on SYS.WRH$_SHARED_SERVER_SUMMARY,
INSERT on SYS.WRH$_SQLCOMMAND_NAME, INSERT on SYS.WRH$_SQLSTAT, INSERT
on SYS.WRH$_SQLTEXT, INSERT on SYS.WRH$_SQL_BIND_METADATA, INSERT on
SYS.WRH$_SQL_PLAN, INSERT on SYS.WRH$_SQL_SUMMARY, INSERT on
SYS.WRH$_SQL_WORKAREA_HISTOGRAM, INSERT on SYS.WRH$_STAT_NAME, INSERT
on SYS.WRH$_STREAMS_APPLY_SUM, INSERT on SYS.WRH$_STREAMS_CAPTURE,
INSERT on SYS.WRH$_STREAMS_POOL_ADVICE, INSERT on
SYS.WRH$_SYSMETRIC_HISTORY, INSERT on SYS.WRH$_SYSMETRIC_SUMMARY,
INSERT on SYS.WRH$_SYSSTAT, INSERT on SYS.WRH$_SYSTEM_EVENT, INSERT on
SYS.WRH$_SYS_TIME_MODEL, INSERT on SYS.WRH$_TABLESPACE, INSERT on
SYS.WRH$_TABLESPACE_SPACE_USAGE, INSERT on SYS.WRH$_TABLESPACE_STAT,
INSERT on SYS.WRH$_TEMPFILE, INSERT on SYS.WRH$_TEMPSTATXS, INSERT on
SYS.WRH$_THREAD, INSERT on SYS.WRH$_TOPLEVELCALL_NAME, INSERT on
SYS.WRH$_UNDOSTAT, INSERT on SYS.WRH$_WAITCLASSMETRIC_HISTORY, INSERT
on SYS.WRH$_WAITSTAT, INSERT on SYS.WRHS$_CELL_IOREASON_NAME, INSERT on
SYS.WRHS$_CELL_METRIC_DESC, INSERT on SYS.WRHS$_DATAFILE, INSERT on
SYS.WRHS$_EVENT_NAME, INSERT on SYS.WRHS$_IM_SEG_STAT_OBJ, INSERT on
SYS.WRHS$_IOSTAT_FILETYPE_NAME, INSERT on
SYS.WRHS$_IOSTAT_FUNCTION_NAME, INSERT on SYS.WRHS$_LATCH_NAME, INSERT
on SYS.WRHS$_METRIC_NAME, INSERT on SYS.WRHS$_OPTIMIZER_ENV, INSERT on
SYS.WRHS$_OSSTAT_NAME, INSERT on SYS.WRHS$_PARAMETER_NAME, INSERT on
SYS.WRHS$_PLAN_OPERATION_NAME, INSERT on SYS.WRHS$_PLAN_OPTION_NAME,
INSERT on SYS.WRHS$_SEG_STAT_OBJ, INSERT on SYS.WRHS$_SERVICE_NAME,
INSERT on SYS.WRHS$_SQLCOMMAND_NAME, INSERT on SYS.WRHS$_SQLTEXT,
INSERT on SYS.WRHS$_SQL_BIND_METADATA, INSERT on SYS.WRHS$_SQL_PLAN,
INSERT on SYS.WRHS$_STAT_NAME, INSERT on SYS.WRHS$_TABLESPACE, INSERT
on SYS.WRHS$_TEMPFILE, INSERT on SYS.WRHS$_TOPLEVELCALL_NAME, INSERT on
SYS.WRI$_ADV_ACTIONS, INSERT on SYS.WRI$_ADV_DEF_PARAMETERS, INSERT on
SYS.WRI$_ADV_DIRECTIVE_DEFS, INSERT on
SYS.WRI$_ADV_DIRECTIVE_INSTANCES, INSERT on SYS.WRI$_ADV_EXECUTIONS,
INSERT on SYS.WRI$_ADV_EXEC_PARAMETERS, INSERT on
SYS.WRI$_ADV_FINDINGS, INSERT on SYS.WRI$_ADV_INST_FDG, INSERT on
SYS.WRI$_ADV_JOURNAL, INSERT on SYS.WRI$_ADV_MESSAGE_GROUPS, INSERT on
SYS.WRI$_ADV_OBJECTS, INSERT on SYS.WRI$_ADV_PARAMETERS, INSERT on
SYS.WRI$_ADV_RATIONALE, INSERT on SYS.WRI$_ADV_RECOMMENDATIONS, INSERT
on SYS.WRI$_ADV_REC_ACTIONS, INSERT on SYS.WRI$_ADV_SQLT_BINDS, INSERT
on SYS.WRI$_ADV_SQLT_PLANS, INSERT on SYS.WRI$_ADV_SQLT_PLAN_HASH,
INSERT on SYS.WRI$_ADV_SQLT_PLAN_STATS, INSERT on
SYS.WRI$_ADV_SQLT_RTN_PLAN, INSERT on SYS.WRI$_ADV_SQLT_STATISTICS,
INSERT on SYS.WRI$_ADV_TASKS, INSERT on SYS.WRI$_ADV_USAGE, INSERT on
SYS.WRI$_ALERT_HISTORY, INSERT on SYS.WRI$_OPTSTAT_OPR, INSERT on
SYS.WRI$_SEGADV_CNTRLTAB, INSERT on SYS.WRI$_SEGADV_OBJLIST, INSERT on
SYS.WRI$_SQLSET_DEFINITIONS, INSERT on SYS.WRI$_SQLSET_REFERENCES,
INSERT on SYS.WRI$_SQLTEXT_REFCOUNT, INSERT on SYS.WRM$_ACTIVE_PDBS,
INSERT on SYS.WRM$_BASELINE, INSERT on SYS.WRM$_BASELINE_DETAILS,
INSERT on SYS.WRM$_BASELINE_TEMPLATE, INSERT on SYS.WRM$_COLORED_SQL,
INSERT on SYS.WRM$_DATABASE_INSTANCE, INSERT on SYS.WRM$_PDB_INSTANCE,
INSERT on SYS.WRM$_PDB_IN_SNAP, INSERT on SYS.WRM$_SNAPSHOT, INSERT on
SYS.WRM$_SNAPSHOT_DETAILS, INSERT on SYS.WRM$_SNAP_ERROR, INSERT on
SYS.WRM$_WR_CONTROL, INSERT on SYS.WRM$_WR_SETTINGS, INSERT on
SYS.WRM$_WR_USAGE, INSERT on SYS.WRMS$_SNAPSHOT, UPDATE on
SYS.UMF$_LINK, UPDATE on SYS.UMF$_REGISTRATION, UPDATE on
SYS.UMF$_SERVICE, UPDATE on SYS.UMF$_TOPOLOGY, UPDATE on
SYS.WRH$_ACTIVE_SESSION_HISTORY, UPDATE on SYS.WRH$_ASM_BAD_DISK,
UPDATE on SYS.WRH$_ASM_DISKGROUP, UPDATE on
SYS.WRH$_ASM_DISKGROUP_STAT, UPDATE on SYS.WRH$_BG_EVENT_SUMMARY,
UPDATE on SYS.WRH$_BUFFERED_QUEUES, UPDATE on
SYS.WRH$_BUFFERED_SUBSCRIBERS, UPDATE on
SYS.WRH$_BUFFER_POOL_STATISTICS, UPDATE on SYS.WRH$_CELL_CONFIG, UPDATE
on SYS.WRH$_CELL_CONFIG_DETAIL, UPDATE on SYS.WRH$_CELL_DB, UPDATE on
SYS.WRH$_CELL_DISK_SUMMARY, UPDATE on SYS.WRH$_CELL_GLOBAL, UPDATE on
SYS.WRH$_CELL_GLOBAL_SUMMARY, UPDATE on SYS.WRH$_CELL_IOREASON, UPDATE
on SYS.WRH$_CELL_IOREASON_NAME, UPDATE on SYS.WRH$_CELL_METRIC_DESC,
UPDATE on SYS.WRH$_CELL_OPEN_ALERTS, UPDATE on SYS.WRH$_CHANNEL_WAITS,
UPDATE on SYS.WRH$_CLUSTER_INTERCON, UPDATE on SYS.WRH$_COMP_IOSTAT,
UPDATE on SYS.WRH$_CON_SYSMETRIC_HISTORY, UPDATE on
SYS.WRH$_CON_SYSMETRIC_SUMMARY, UPDATE on SYS.WRH$_CON_SYSSTAT, UPDATE
on SYS.WRH$_CON_SYSTEM_EVENT, UPDATE on SYS.WRH$_CON_SYS_TIME_MODEL,
UPDATE on SYS.WRH$_CR_BLOCK_SERVER, UPDATE on
SYS.WRH$_CURRENT_BLOCK_SERVER, UPDATE on SYS.WRH$_DATAFILE, UPDATE on
SYS.WRH$_DB_CACHE_ADVICE, UPDATE on SYS.WRH$_DISPATCHER, UPDATE on
SYS.WRH$_DLM_MISC, UPDATE on SYS.WRH$_DYN_REMASTER_STATS, UPDATE on
SYS.WRH$_ENQUEUE_STAT, UPDATE on SYS.WRH$_EVENT_HISTOGRAM, UPDATE on
SYS.WRH$_EVENT_NAME, UPDATE on SYS.WRH$_FILEMETRIC_HISTORY, UPDATE on
SYS.WRH$_FILESTATXS, UPDATE on SYS.WRH$_IC_CLIENT_STATS, UPDATE on
SYS.WRH$_IC_DEVICE_STATS, UPDATE on SYS.WRH$_IM_SEG_STAT, UPDATE on
SYS.WRH$_IM_SEG_STAT_OBJ, UPDATE on SYS.WRH$_INSTANCE_RECOVERY, UPDATE
on SYS.WRH$_INST_CACHE_TRANSFER, UPDATE on SYS.WRH$_INTERCONNECT_PINGS,
UPDATE on SYS.WRH$_IOSTAT_DETAIL, UPDATE on SYS.WRH$_IOSTAT_FILETYPE,
UPDATE on SYS.WRH$_IOSTAT_FILETYPE_NAME, UPDATE on
SYS.WRH$_IOSTAT_FUNCTION, UPDATE on SYS.WRH$_IOSTAT_FUNCTION_NAME,
UPDATE on SYS.WRH$_JAVA_POOL_ADVICE, UPDATE on SYS.WRH$_LATCH, UPDATE
on SYS.WRH$_LATCH_CHILDREN, UPDATE on SYS.WRH$_LATCH_MISSES_SUMMARY,
UPDATE on SYS.WRH$_LATCH_NAME, UPDATE on SYS.WRH$_LATCH_PARENT, UPDATE
on SYS.WRH$_LIBRARYCACHE, UPDATE on SYS.WRH$_LMS_STATS, UPDATE on
SYS.WRH$_LOG, UPDATE on SYS.WRH$_MEMORY_RESIZE_OPS, UPDATE on
SYS.WRH$_MEMORY_TARGET_ADVICE, UPDATE on SYS.WRH$_MEM_DYNAMIC_COMP,
UPDATE on SYS.WRH$_METRIC_NAME, UPDATE on SYS.WRH$_MTTR_TARGET_ADVICE,
UPDATE on SYS.WRH$_MUTEX_SLEEP, UPDATE on SYS.WRH$_MVPARAMETER, UPDATE
on SYS.WRH$_OPTIMIZER_ENV, UPDATE on SYS.WRH$_OSSTAT, UPDATE on
SYS.WRH$_OSSTAT_NAME, UPDATE on SYS.WRH$_PARAMETER, UPDATE on
SYS.WRH$_PARAMETER_NAME, UPDATE on SYS.WRH$_PERSISTENT_QMN_CACHE,
UPDATE on SYS.WRH$_PERSISTENT_QUEUES, UPDATE on
SYS.WRH$_PERSISTENT_SUBSCRIBERS, UPDATE on SYS.WRH$_PGASTAT, UPDATE on
SYS.WRH$_PGA_TARGET_ADVICE, UPDATE on SYS.WRH$_PLAN_OPERATION_NAME,
UPDATE on SYS.WRH$_PLAN_OPTION_NAME, UPDATE on
SYS.WRH$_PROCESS_MEMORY_SUMMARY, UPDATE on SYS.WRH$_RECOVERY_PROGRESS,
UPDATE on SYS.WRH$_REPLICATION_TBL_STATS, UPDATE on
SYS.WRH$_REPLICATION_TXN_STATS, UPDATE on SYS.WRH$_RESOURCE_LIMIT,
UPDATE on SYS.WRH$_ROWCACHE_SUMMARY, UPDATE on
SYS.WRH$_RSRC_CONSUMER_GROUP, UPDATE on SYS.WRH$_RSRC_METRIC, UPDATE on
SYS.WRH$_RSRC_PDB_METRIC, UPDATE on SYS.WRH$_RSRC_PLAN, UPDATE on
SYS.WRH$_RULE_SET, UPDATE on SYS.WRH$_SEG_STAT, UPDATE on
SYS.WRH$_SEG_STAT_OBJ, UPDATE on SYS.WRH$_SERVICE_NAME, UPDATE on
SYS.WRH$_SERVICE_STAT, UPDATE on SYS.WRH$_SERVICE_WAIT_CLASS, UPDATE on
SYS.WRH$_SESSMETRIC_HISTORY, UPDATE on SYS.WRH$_SESS_SGA_STATS, UPDATE
on SYS.WRH$_SESS_TIME_STATS, UPDATE on SYS.WRH$_SGA, UPDATE on
SYS.WRH$_SGASTAT, UPDATE on SYS.WRH$_SGA_TARGET_ADVICE, UPDATE on
SYS.WRH$_SHARED_POOL_ADVICE, UPDATE on SYS.WRH$_SHARED_SERVER_SUMMARY,
UPDATE on SYS.WRH$_SQLCOMMAND_NAME, UPDATE on SYS.WRH$_SQLSTAT, UPDATE
on SYS.WRH$_SQLTEXT, UPDATE on SYS.WRH$_SQL_BIND_METADATA, UPDATE on
SYS.WRH$_SQL_PLAN, UPDATE on SYS.WRH$_SQL_SUMMARY, UPDATE on
SYS.WRH$_SQL_WORKAREA_HISTOGRAM, UPDATE on SYS.WRH$_STAT_NAME, UPDATE
on SYS.WRH$_STREAMS_APPLY_SUM, UPDATE on SYS.WRH$_STREAMS_CAPTURE,
UPDATE on SYS.WRH$_STREAMS_POOL_ADVICE, UPDATE on
SYS.WRH$_SYSMETRIC_HISTORY, UPDATE on SYS.WRH$_SYSMETRIC_SUMMARY,
UPDATE on SYS.WRH$_SYSSTAT, UPDATE on SYS.WRH$_SYSTEM_EVENT, UPDATE on
SYS.WRH$_SYS_TIME_MODEL, UPDATE on SYS.WRH$_TABLESPACE, UPDATE on
SYS.WRH$_TABLESPACE_SPACE_USAGE, UPDATE on SYS.WRH$_TABLESPACE_STAT,
UPDATE on SYS.WRH$_TEMPFILE, UPDATE on SYS.WRH$_TEMPSTATXS, UPDATE on
SYS.WRH$_THREAD, UPDATE on SYS.WRH$_TOPLEVELCALL_NAME, UPDATE on
SYS.WRH$_UNDOSTAT, UPDATE on SYS.WRH$_WAITCLASSMETRIC_HISTORY, UPDATE
on SYS.WRH$_WAITSTAT, UPDATE on SYS.WRHS$_CELL_IOREASON_NAME, UPDATE on
SYS.WRHS$_CELL_METRIC_DESC, UPDATE on SYS.WRHS$_DATAFILE, UPDATE on
SYS.WRHS$_EVENT_NAME, UPDATE on SYS.WRHS$_IM_SEG_STAT_OBJ, UPDATE on
SYS.WRHS$_IOSTAT_FILETYPE_NAME, UPDATE on
SYS.WRHS$_IOSTAT_FUNCTION_NAME, UPDATE on SYS.WRHS$_LATCH_NAME, UPDATE
on SYS.WRHS$_METRIC_NAME, UPDATE on SYS.WRHS$_OPTIMIZER_ENV, UPDATE on
SYS.WRHS$_OSSTAT_NAME, UPDATE on SYS.WRHS$_PARAMETER_NAME, UPDATE on
SYS.WRHS$_PLAN_OPERATION_NAME, UPDATE on SYS.WRHS$_PLAN_OPTION_NAME,
UPDATE on SYS.WRHS$_SEG_STAT_OBJ, UPDATE on SYS.WRHS$_SERVICE_NAME,
UPDATE on SYS.WRHS$_SQLCOMMAND_NAME, UPDATE on SYS.WRHS$_SQLTEXT,
UPDATE on SYS.WRHS$_SQL_BIND_METADATA, UPDATE on SYS.WRHS$_SQL_PLAN,
UPDATE on SYS.WRHS$_STAT_NAME, UPDATE on SYS.WRHS$_TABLESPACE, UPDATE
on SYS.WRHS$_TEMPFILE, UPDATE on SYS.WRHS$_TOPLEVELCALL_NAME, UPDATE on
SYS.WRI$_ADV_ACTIONS, UPDATE on SYS.WRI$_ADV_DEF_PARAMETERS, UPDATE on
SYS.WRI$_ADV_DIRECTIVE_DEFS, UPDATE on
SYS.WRI$_ADV_DIRECTIVE_INSTANCES, UPDATE on SYS.WRI$_ADV_EXECUTIONS,
UPDATE on SYS.WRI$_ADV_EXEC_PARAMETERS, UPDATE on
SYS.WRI$_ADV_FINDINGS, UPDATE on SYS.WRI$_ADV_INST_FDG, UPDATE on
SYS.WRI$_ADV_JOURNAL, UPDATE on SYS.WRI$_ADV_MESSAGE_GROUPS, UPDATE on
SYS.WRI$_ADV_OBJECTS, UPDATE on SYS.WRI$_ADV_PARAMETERS, UPDATE on
SYS.WRI$_ADV_RATIONALE, UPDATE on SYS.WRI$_ADV_RECOMMENDATIONS, UPDATE
on SYS.WRI$_ADV_REC_ACTIONS, UPDATE on SYS.WRI$_ADV_SQLT_BINDS, UPDATE
on SYS.WRI$_ADV_SQLT_PLANS, UPDATE on SYS.WRI$_ADV_SQLT_PLAN_HASH,
UPDATE on SYS.WRI$_ADV_SQLT_PLAN_STATS, UPDATE on
SYS.WRI$_ADV_SQLT_RTN_PLAN, UPDATE on SYS.WRI$_ADV_SQLT_STATISTICS,
UPDATE on SYS.WRI$_ADV_TASKS, UPDATE on SYS.WRI$_ADV_USAGE, UPDATE on
SYS.WRI$_ALERT_HISTORY, UPDATE on SYS.WRI$_OPTSTAT_OPR, UPDATE on
SYS.WRI$_SEGADV_CNTRLTAB, UPDATE on SYS.WRI$_SEGADV_OBJLIST, UPDATE on
SYS.WRI$_SQLSET_DEFINITIONS, UPDATE on SYS.WRI$_SQLSET_REFERENCES,
UPDATE on SYS.WRI$_SQLTEXT_REFCOUNT, UPDATE on SYS.WRM$_ACTIVE_PDBS,
UPDATE on SYS.WRM$_BASELINE, UPDATE on SYS.WRM$_BASELINE_DETAILS,
UPDATE on SYS.WRM$_BASELINE_TEMPLATE, UPDATE on SYS.WRM$_COLORED_SQL,
UPDATE on SYS.WRM$_DATABASE_INSTANCE, UPDATE on SYS.WRM$_PDB_INSTANCE,
UPDATE on SYS.WRM$_PDB_IN_SNAP, UPDATE on SYS.WRM$_SNAPSHOT, UPDATE on
SYS.WRM$_SNAPSHOT_DETAILS, UPDATE on SYS.WRM$_SNAP_ERROR, UPDATE on
SYS.WRM$_WR_CONTROL, UPDATE on SYS.WRM$_WR_SETTINGS, UPDATE on
SYS.WRM$_WR_USAGE, UPDATE on SYS.WRMS$_SNAPSHOT
SYSBACKUP: DELETE on SYS.APPLY$_SOURCE_SCHEMA, INSERT on
SYS.APPLY$_SOURCE_SCHEMA
SYSTEM <- DBA: INSERT on SYS.XSDB$SCHEMA_ACL, UPDATE on
SYS.XSDB$SCHEMA_ACL
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on
SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on
SYS.EXPIMP_TTS_CT$
SYSTEM <- DBA <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on
SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on
SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on
SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$,
DELETE on SYS.WRI$_OPTSTAT_AUX_HISTORY, INSERT on SYS.AUX_STATS$,
INSERT on SYS.WRI$_OPTSTAT_AUX_HISTORY, UPDATE on SYS.AUX_STATS$,
UPDATE on SYS.WRI$_OPTSTAT_AUX_HISTORY
SYSTEM <- DBA <- IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$,
DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on
SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$
SYSTEM <- DBA <- OPTIMIZER_PROCESSING_RATE: DELETE on
SYS.OPT_CALIBRATION_STATS$, INSERT on SYS.OPT_CALIBRATION_STATS$,
UPDATE on SYS.OPT_CALIBRATION_STATS$
WMSYS: DELETE on SYS.NOEXP$, INSERT on SYS.NOEXP$
| ||
| Remarks | Users with these privileges can directly modify objects in the SYS, DVSYS, or LBACSYS schemas. Manipulating these system objects may allow security protections to be circumvented or otherwise interfere with normal operation of the database. | ||
| PRIV.USER | CIS | ||
| Status | Evaluate | ||
| Summary | 7 grants of user impersonation privilege. 1 grant of EXECUTE on restricted packages. | ||
| Details | Grants of BECOME USER: GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: BECOME USER; O12TEST <- DBA: BECOME USER; O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: BECOME USER; O12TEST <- DBA <- IMP_FULL_DATABASE: BECOME USER; SYSTEM <- DBA: BECOME USER; SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE: BECOME USER; SYSTEM <- DBA <- IMP_FULL_DATABASE: BECOME USER. Grants of EXECUTE on DBMS_AQADM_SYS, DBMS_AQADM_SYSCALLS, DBMS_IJOB, DBMS_PRVTAQIM, DBMS_REPCAT_SQL_UTL, DBMS_SCHEDULER, DBMS_STREAMS_ADM_UTL, DBMS_STREAMS_RPC, DBMS_SYS_SQL, INITJVMAUX, LTADM, WWV_DBMS_SQL, WWV_EXECUTE_IMMEDIATE: GSMADMIN_INTERNAL: EXECUTE on DBMS_SYS_SQL | ||
| Remarks | The BECOME USER privilege and these PL/SQL packages (DBMS_AQADM_SYS, DBMS_AQADM_SYSCALLS, DBMS_IJOB, DBMS_PRVTAQIM, DBMS_REPCAT_SQL_UTL, DBMS_SCHEDULER, DBMS_STREAMS_ADM_UTL, DBMS_STREAMS_RPC, DBMS_SYS_SQL, INITJVMAUX, LTADM, WWV_DBMS_SQL, WWV_EXECUTE_IMMEDIATE) allow for execution of SQL code or external jobs using the identity of a different user. Access should be strictly limited and granted only to users with a legitimate need for this functionality. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.1.10, 4.2.1, 4.2.3 - 4.2.13, 4.3.5 | ||
| PRIV.EXFIL | CIS | ||
| Status | Evaluate | ||
| Summary | 1 grant of EXECUTE on restricted packages. | ||
| Details | Grants of EXECUTE on DBMS_BACKUP_RESTORE, UTL_DBWS, UTL_ORAMTS: SYSBACKUP: EXECUTE on DBMS_BACKUP_RESTORE | ||
| Remarks | These PL/SQL packages (DBMS_BACKUP_RESTORE, UTL_DBWS, UTL_ORAMTS) can send data from the database using the network or file system. Access should be granted only to users with a legitimate need for this functionality. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.1.19, 4.1.20, 4.2.2 | ||
| PRIV.SYSPUB | |||
| Status | Pass | ||
| Summary | No grants of system privileges to PUBLIC. | ||
| Remarks | Privileges granted to PUBLIC are available to all users. This generally should include few, if any, system privileges since these will not be needed by ordinary users who are not administrators. | ||
| PRIV.ROLEPUB | |||
| Status | Pass | ||
| Summary | No grants of roles to PUBLIC. | ||
| Remarks | Roles granted to PUBLIC are available to all users. Most roles contain privileges that are not appropriate for all users. | ||
| PRIV.COLPUB | |||
| Status | Pass | ||
| Summary | No grants of column privileges to PUBLIC. | ||
| Remarks | Privileges granted to PUBLIC are available to all users. This should include column privileges only for data that is intended to be accessible to everyone. | ||
| PRIV.DBA | CIS | ||
| Status | Evaluate | ||
| Summary | 2 grants of DBA role. | ||
| Details | Grants of DBA role: O12TEST: DBA; SYSTEM: DBA | ||
| Remarks | The DBA role is very powerful and can be used to bypass many security protections. It should be granted to only a small number of trusted administrators. Furthermore, each trusted user should have an individual account for accountability reasons. As with any powerful role, avoid granting the DBA role with admin option unless absolutely necessary. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.4.4 | ||
| PRIV.BIGROLES | CIS | ||
| Status | Evaluate | ||
| Summary | 59 grants of powerful roles (1 with admin option). | ||
| Details |
Grants of AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE,
IMP_FULL_DATABASE, SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE,
DELETE_CATALOG_ROLE, OEM_MONITOR roles:
DBSNMP: OEM_MONITOR
DBSNMP <- OEM_MONITOR: SELECT_CATALOG_ROLE
GSMADMIN_INTERNAL <- DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE
GSMADMIN_INTERNAL <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE,
IMP_FULL_DATABASE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
GSMADMIN_INTERNAL <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
GSMCATUSER: AQ_ADMINISTRATOR_ROLE
GSMCATUSER <- GSMADMIN_ROLE: AQ_ADMINISTRATOR_ROLE
IX: AQ_ADMINISTRATOR_ROLE, SELECT_CATALOG_ROLE
MDSYS: AQ_ADMINISTRATOR_ROLE
O12TEST <- DBA: EM_EXPRESS_ALL, EXECUTE_CATALOG_ROLE, EXP_FULL_DATABASE,
IMP_FULL_DATABASE, SELECT_CATALOG_ROLE
O12TEST <- DBA <- DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE
O12TEST <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE,
IMP_FULL_DATABASE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
O12TEST <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
O12TEST <- DBA <- EM_EXPRESS_ALL <- EM_EXPRESS_BASIC:
SELECT_CATALOG_ROLE
O12TEST <- DBA <- EXP_FULL_DATABASE: EXECUTE_CATALOG_ROLE,
SELECT_CATALOG_ROLE
O12TEST <- DBA <- IMP_FULL_DATABASE: EXECUTE_CATALOG_ROLE,
SELECT_CATALOG_ROLE
SH: SELECT_CATALOG_ROLE
SYS$UMF <- SYSUMF_ROLE: SELECT_CATALOG_ROLE
SYSBACKUP: SELECT_CATALOG_ROLE
SYSRAC: AQ_ADMINISTRATOR_ROLE
SYSTEM: AQ_ADMINISTRATOR_ROLE(*)
SYSTEM <- DBA: EM_EXPRESS_ALL, EXECUTE_CATALOG_ROLE, EXP_FULL_DATABASE,
IMP_FULL_DATABASE, SELECT_CATALOG_ROLE
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE,
IMP_FULL_DATABASE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
EXECUTE_CATALOG_ROLE, SELECT_CATALOG_ROLE
SYSTEM <- DBA <- EM_EXPRESS_ALL <- EM_EXPRESS_BASIC:
SELECT_CATALOG_ROLE
SYSTEM <- DBA <- EXP_FULL_DATABASE: EXECUTE_CATALOG_ROLE,
SELECT_CATALOG_ROLE
SYSTEM <- DBA <- IMP_FULL_DATABASE: EXECUTE_CATALOG_ROLE,
SELECT_CATALOG_ROLE
(*) = granted with admin option
| ||
| Remarks | Like the DBA role, these roles (AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE, SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, DELETE_CATALOG_ROLE, OEM_MONITOR) contain powerful privileges that can be used to bypass security protections. They should be granted only to a small number of trusted administrators. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 4.4.1, 4.4.2, 4.4.3 | ||
| PRIV.JAVA | |||
| Status | Evaluate | ||
| Summary | Found 7 users or roles with Java permission. | ||
| Details |
Grantee: DBJAVASCRIPT
GRANT, Name: oracle.DbmsJavaScriptUser, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
Grantee: EJBCLIENT
GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission,
Action: connect,resolve
GRANT, Name: createClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: getClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
Grantee: JMXSERVER
GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission,
Action: accept,connect,listen,resolve
GRANT, Name: control, Type Schema: SYS, Type Name:
java.util.logging.LoggingPermission
GRANT, Name: monitor, Type Schema: SYS, Type Name:
java.lang.management.ManagementPermission
GRANT, Name: setContextClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: createMBeanServer, Type Schema: SYS, Type Name:
javax.management.MBeanServerPermission
GRANT, Name: control, Type Schema: SYS, Type Name:
java.lang.management.ManagementPermission
GRANT, Name: javax.net.ssl.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: https.proxyHost, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: javax.net.debug, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: java.rmi.server.randomIDs, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: com.sun.jmx.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: com.sun.management.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: *, Type Schema: SYS, Type Name:
javax.management.MBeanPermission, Action: *
GRANT, Name: javavm/lib/management/*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: javavm/lib/management/jmxremote.access, Type Schema: SYS, Type
Name: java.io.FilePermission, Action: read
GRANT, Name: javavm/lib/management/management.properties, Type Schema: SYS,
Type Name: java.io.FilePermission, Action: read
GRANT, Name: createAccessControlContext, Type Schema: SYS, Type Name:
java.security.SecurityPermission
GRANT, Name: accessClassInPackage.sun.management.*, Type Schema: SYS, Type
Name: java.lang.RuntimePermission
Grantee: MDSYS
GRANT, Name: sdo\demo\georaster\jlibs\*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: getClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: md\jlib\*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: sdo/demo/georaster/jlibs/*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: md/jlib/*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: accessClassInPackage.com.sun.media.jai.*, Type Schema: SYS,
Type Name: java.lang.RuntimePermission
Grantee: ORDSYS
GRANT, Name: loadLibrary.oraordim12, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: loadLibrary.ordim12, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: control, Type Schema: SYS, Type Name:
java.util.logging.LoggingPermission
GRANT, Name: getClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: <<ALL FILES>>, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read,write,delete
GRANT, Name: /tmp/*, Type Schema: SYS, Type Name: java.io.FilePermission,
Action: read,write,delete
GRANT, Name: accessClassInPackage.com.sun.imageio.plugins.jpeg, Type
Schema: SYS, Type Name: java.lang.RuntimePermission
GRANT, Name: accessClassInPackage.com.sun.media.jai.codec, Type Schema:
SYS, Type Name: java.lang.RuntimePermission
GRANT, Name: loadLibrary.clib_jiio, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
Grantee: PUBLIC
GRANT, Name: DUMMY, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
GRANT, Name: *, Type Schema: SYS, Type Name: java.util.PropertyPermission,
Action: read
GRANT, Name: user.language, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: write
GRANT, Name: exitVM, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: createSecurityManager, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: modifyThread, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: modifyThreadGroup, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: getenv.TNS_ADMIN, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: preferences, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: LoadClassInPackage.*, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
GRANT, Name: oracle.net.tns_admin, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: write
GRANT, Name: getenv.ORACLE_HOME, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
RESTRICT, Name: LoadClassInPackage.oracle.jdbc.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
RESTRICT, Name: LoadClassInPackage.oracle.aurora.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
RESTRICT, Name: LoadClassInPackage.java.*, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
RESTRICT, Name: loadLibrary.*, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
RESTRICT, Name: 0:java.lang.RuntimePermission#loadLibrary.*, Type Schema:
SYS, Type Name: oracle.aurora.rdbms.security.PolicyTablePermission
RESTRICT, Name: LoadClassInPackage.oracle.ord.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
Grantee: SYSTEM
GRANT, Name: <<ALL FILES>>, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
| ||
| Remarks | Java permission grants control the ability of database users to execute Java classes within the database server. A database user executing Java code must have both Java security permissions and database privileges to access resources within the database. These resources include database resources such as tables and PL/SQL packages; operating system resources such as files and sockets; Oracle JVM classes; and user-loaded classes. Make sure that these permissions are limited to the minimum required by each user. | ||
| PRIV.ADMIN | |||
| Status | Evaluate | ||
| Summary | Found 4 users granted administrative privileges. Found 0 administrative privileges not granted to any user. | ||
| Details | SYSDBA (1): SYS; SYSOPER (1): SYS; SYSBACKUP (1): SYSBACKUP; SYSDG (1): SYSDG; SYSKM (1): SYSKM | ||
| Remarks | Administrative privileges allow a user to perform maintenance operations, including some that may occur while the database is not open. The SYSDBA privilege allows the user to run as SYS and perform virtually all privileged operations. Starting with Oracle Database 12.1, less powerful administrative privileges were introduced to allow users to perform common administrative tasks with less than full SYSDBA privileges. To achieve the benefit of this separation of duty, each of these administrative privileges should be granted to at least one user account. | ||
| AUTH.DV | GDPR | ||
| Status | Advisory | ||
| Summary | Database Vault is not enabled. | ||
| Remarks | Database Vault provides for configurable policies to control the actions of privileged administrative users, in order to protect against insider threats, stolen credentials, and human error. Data realms prevent unauthorized access to sensitive data objects, even by users with system privileges. Command rules limit the SQL commands and options that administrators can execute. | ||
| References | EU General Data Protection Regulation 2016/679: Article 6, 25, 29, 32, 34, 89; Recital 28, 29, 78, 156 | ||
| AUTH.PRIV | |||
| Status | Advisory | ||
| Summary | No privilege analysis policies found. | ||
| Details | Users with EXECUTE on SYS.DBMS_PRIVILEGE_CAPTURE: O12TEST, SYSTEM | ||
| Remarks | Privilege Analysis records the privileges used during a real or simulated workload. After collecting data about the privileges that are actually used, this information can be used to revoke privilege grants that are no longer needed. | ||
| CRYPT.TDE | GDPR | ||
| Status | Advisory | ||
| Summary | No encrypted tablespaces found. No encrypted columns found. Examined 1 initialization parameter. | ||
| Details | ENCRYPT_NEW_TABLESPACES=CLOUD_ONLY. Recommended value is ALWAYS. | ||
| Remarks | Encryption of some sensitive data is a requirement in certain regulated environments. Transparent Data Encryption automatically encrypts data as it is stored and decrypts it upon retrieval. This protects sensitive data from attacks that bypass the database to read data files directly. Encryption keys may be stored in wallets on the database server itself, or stored remotely in Oracle Key Vault for improved security. The ENCRYPT_NEW_TABLESPACES parameter ensures that TDE tablespace encryption is applied to all newly created tablespaces. Setting this parameter to ALWAYS is recommended in order to protect all data regardless of the options specified when the tablespace is created. | ||
| References | EU General Data Protection Regulation 2016/679: Article 6, 32, 34; Recital 83 | ||
| CRYPT.WALLET | GDPR | ||
| Status | Evaluate | ||
| Summary | Found 1 wallet. No wallets are stored in the data file directory. | ||
| Details | Encryption wallet location: /u00/app/oracle/admin/TVDNCDB/wallet; Wallet type: FILE; Status: NOT_AVAILABLE; Keystore type: UNKNOWN; Wallet order: SINGLE; Data file directory: /u00/app/oracle/product/12.2.0.1/dbs | ||
| Remarks | Wallets are encrypted files used to store encryption keys, passwords, and other sensitive data. Wallet files should not be stored in the same directory with database data files, to avoid accidentally creating backups that include both encrypted data files and the wallet containing the master key protecting those files. For maximum separation of keys and data, consider storing encryption keys in Oracle Key Vault instead of wallet files. | ||
| References | EU General Data Protection Regulation 2016/679: Article 6, 32, 34; Recital 83 | ||
| ACCESS.REDACT | GDPR | ||
| Status | Advisory | ||
| Summary | No data redaction policies found. | ||
| Details | Users with EXEMPT REDACTION POLICY privilege: GSMADMIN_INTERNAL, O12TEST, SYSTEM. Users with EXECUTE on SYS.DBMS_REDACT: GSMADMIN_INTERNAL, O12TEST, SYSTEM | ||
| Remarks | Data Redaction automatically masks sensitive data found in the results of a database query. The data is masked immediately before it is returned as part of the result set, so it does not interfere with any conditions specified as part of the query. Access by users with the EXEMPT REDACTION POLICY privilege will not be affected by the redaction policy. Users who can execute the DBMS_REDACT package are able to create and modify redaction policies. Also consider the use of Oracle Data Masking and Subsetting to permanently mask sensitive data when making copies for test or development use. | ||
| References | EU General Data Protection Regulation 2016/679: Article 6, 25, 32, 34, 89; Recital 28, 29, 78, 156 | ||
| ACCESS.VPD | GDPR | ||
| Status | Advisory | ||
| Summary | No VPD policies found. | ||
| Details | Users with EXEMPT ACCESS POLICY privilege: MDSYS. Users with EXECUTE on SYS.DBMS_RLS: GSMADMIN_INTERNAL, MDSYS, O12TEST, SYSTEM, WMSYS, XDB | ||
| Remarks | Virtual Private Database (VPD) allows for fine-grained control over which rows and columns of a table are visible to a SQL statement. Access control using VPD limits each database session to only the specific data it should be able to access. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected by VPD policies. Users who can execute the DBMS_RLS package are able to create and modify these policies. | ||
| References | EU General Data Protection Regulation 2016/679: Article 29, 32 | ||
| ACCESS.RAS | GDPR | ||
| Status | Advisory | ||
| Summary | No RAS policies found. | ||
| Details | Users with EXEMPT ACCESS POLICY privilege: MDSYS; Users with ADMIN_ANY_SEC_POLICY privilege: O12TEST, SYSTEM; Users with ADMIN_SEC_POLICY privilege: DBSFWUSER, O12TEST, SYSTEM; Users with APPLY_SEC_POLICY privilege: (none) | ||
| Remarks | Like Virtual Private Database, Real Application Security (RAS) provides fine-grained control over the rows and columns of a table that are visible to a SQL statement. Specification of RAS data access policies uses a declarative syntax based on access control lists. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected by RAS access policies. Users with ADMIN_SEC_POLICY and APPLY_SEC_POLICY privileges are able to create and modify these policies. | ||
| References | EU General Data Protection Regulation 2016/679: Article 6, 25, 32, 34, 89; Recital 28, 29, 64, 78, 156 | ||
| ACCESS.OLS | GDPR | ||
| Status | Advisory | ||
| Summary | Label Security is not enabled. | ||
| Remarks | Oracle Label Security provides the ability to tag data with a data label or a data classification. Access to sensitive data is controlled by comparing the data label with the requesting user's label or security clearance. A user label or security clearance can be thought of as an extension to standard database privileges and roles. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected by the Label Security policies. Each policy has a corresponding role; users who have this role are able to administer the policy. | ||
| References | EU General Data Protection Regulation 2016/679: Article 18, 29, 32; Recital 67 | ||
| ACCESS.TSDP | |||
| Status | Advisory | ||
| Summary | No sensitive types and columns found. Found 0 TSDP policies. | ||
| Details | Policies: (none); Users with EXECUTE on SYS.DBMS_TSDP_MANAGE: (none); Users with EXECUTE on SYS.DBMS_TSDP_PROTECT: (none) | ||
| Remarks | Transparent Sensitive Data Protection (TSDP), introduced in Oracle Database 12.1, allows a data type to be associated with each column that contains sensitive data. TSDP can then apply various data security features to all instances of a particular type so that protection is uniform and consistent. Data from columns marked as sensitive is also automatically redacted in the database audit trail and trace logs. Users who can execute the DBMS_TSDP_MANAGE and DBMS_TSDP_PROTECT packages are able to manage sensitive data types and the protection actions that are applied to them. | ||
| AUDIT.RECORDS | GDPR CIS | ||
| Status | Evaluate | ||
| Summary | Examined 3 audit trails. Found records in 1 audit trail. No errors found in audit initialization parameters. | ||
| Details | Traditional Audit Trail: No records found FGA Audit Trail: No records found Unified Audit Trail: In use, 92 records found (Nov 06 2017 - Dec 02 2017) AUDIT_FILE_DEST=/u00/app/oracle/admin/TVDNCDB/adump AUDIT_SYSLOG_LEVEL is not set. AUDIT_TRAIL=DB | ||
| Remarks | Auditing is an essential component for securing any system. The audit trail allows for monitoring the activities of highly privileged users. For any attack that exploits gaps in other security policies, auditing cannot prevent the attack but it forms the critical last line of defense by detecting the malicious activity. Sending audit data to a remote system is recommended in order to prevent any possible tampering with the audit records. The AUDIT_SYSLOG_LEVEL parameter can be set to send an abbreviated version of some audit records to a remote syslog collector. A better solution is to use Oracle Audit Vault and Database Firewall to centrally collect full audit records from multiple databases. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.2 EU General Data Protection Regulation 2016/679: Article 30, 33, 34 | ||
| AUDIT.STMT | |||
| Status | Evaluate | ||
| Summary | Auditing enabled for 17 statements. | ||
| Details | Unified Audit (17): ALTER DATABASE LINK, ALTER PLUGGABLE DATABASE, ALTER PROFILE, ALTER ROLE, ALTER USER, CREATE DATABASE LINK, CREATE DIRECTORY, CREATE PLUGGABLE DATABASE, CREATE PROFILE, CREATE ROLE, DROP DATABASE LINK, DROP DIRECTORY, DROP PLUGGABLE DATABASE, DROP PROFILE, DROP ROLE, LOGON, SET ROLE | ||
| Remarks | This finding shows the SQL statements that are audited by enabled audit policies. | ||
| AUDIT.OBJ | |||
| Status | Advisory | ||
| Summary | No auditing enabled for objects. | ||
| Remarks | This finding shows the object accesses that are audited by enabled audit policies. | ||
| AUDIT.PRIV | CIS | ||
| Status | Evaluate | ||
| Summary | Auditing enabled for 30 privileges. | ||
| Details | Unified Audit (30): ADMINISTER KEY MANAGEMENT, ALTER ANY PROCEDURE, ALTER ANY SQL TRANSLATION PROFILE, ALTER ANY TABLE, ALTER DATABASE, ALTER SYSTEM, AUDIT SYSTEM, BECOME USER, CREATE ANY JOB, CREATE ANY LIBRARY, CREATE ANY PROCEDURE, CREATE ANY SQL TRANSLATION PROFILE, CREATE ANY TABLE, CREATE EXTERNAL JOB, CREATE PUBLIC SYNONYM, CREATE SQL TRANSLATION PROFILE, CREATE USER, DROP ANY PROCEDURE, DROP ANY SQL TRANSLATION PROFILE, DROP ANY TABLE, DROP PUBLIC SYNONYM, DROP USER, EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE, LOGMINING, PURGE DBA_RECYCLEBIN, TRANSLATE ANY SQL | ||
| Remarks | This finding shows the privileges that are audited by enabled audit policies. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.15, 5.1.16, 5.1.17 | ||
| AUDIT.ADMIN | CIS | ||
| Status | Pass | ||
| Summary | Actions of the SYS user are audited. | ||
| Details | Traditional Audit: AUDIT_SYS_OPERATIONS is set to TRUE. Unified Audit policies enabled for administrators: (none) | ||
| Remarks | It is important to audit administrative actions performed by the SYS user. Traditional audit policies do not apply to SYS, so the AUDIT_SYS_OPERATIONS parameter must be set to record SYS actions to a separate audit trail. Beginning with Oracle 12c, the same Unified Audit policies can be applied to SYS that are used to monitor other users. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.1 | ||
| AUDIT.PRIVMGMT | CIS | ||
| Status | Pass | ||
| Summary | Actions related to privilege management are sufficiently audited. | ||
| Details | Traditional audit - auditing enabled: (none) Unified audit - auditing enabled: ALTER ROLE, CREATE ROLE, DROP ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE | ||
| Remarks | Granting additional privileges to users or roles potentially affects most security protections and should be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.4, 5.1.5, 5.1.15, 5.1.16, 5.2.4 - 5.2.8 | ||
| AUDIT.ACCTMGMT | CIS | ||
| Status | Pass | ||
| Summary | Actions related to account management are sufficiently audited. | ||
| Details | Traditional audit - auditing enabled: (none) Unified audit - auditing enabled: ALTER PROFILE, ALTER USER, CREATE PROFILE, CREATE USER, DROP PROFILE, DROP USER | ||
| Remarks | Creation of new user accounts or modification of existing accounts can be used to gain access to the privileges of those accounts and should be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.1, 5.1.2, 5.1.3, 5.1.6, 5.1.7, 5.1.8, 5.2.1, 5.2.2, 5.2.3, 5.2.9, 5.2.10, 5.2.11 | ||
| AUDIT.DBMGMT | CIS | ||
| Status | Medium Risk | ||
| Summary | Actions related to database management are not sufficiently audited. | ||
| Details | Auditing not enabled: ALTER PROCEDURE, ALTER PUBLIC DATABASE LINK, ALTER TRIGGER, AUDIT ANY, CREATE ANY DIRECTORY, CREATE LIBRARY, CREATE PROCEDURE, CREATE PUBLIC DATABASE LINK, CREATE SPFILE, CREATE TRIGGER, DROP ANY DIRECTORY, DROP PROCEDURE, DROP PUBLIC DATABASE LINK, DROP TRIGGER, SYSTEM AUDIT Traditional audit - auditing enabled: (none) Unified audit - auditing enabled: ADMINISTER KEY MANAGEMENT, ALTER DATABASE, ALTER DATABASE LINK, ALTER PLUGGABLE DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE DATABASE LINK, CREATE EXTERNAL JOB, CREATE PLUGGABLE DATABASE, CREATE PUBLIC SYNONYM, DROP ANY PROCEDURE, DROP DATABASE LINK, DROP PLUGGABLE DATABASE, DROP PUBLIC SYNONYM, EXECUTE ON SYS.DBMS_RLS | ||
| Remarks | Actions that affect the management of database features should always be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.9, 5.1.10, 5.1.11, 5.1.17, 5.1.19 - 5.1.21, 5.2.12 - 5.2.14, 5.2.20 - 5.2.26 | ||
| AUDIT.PRIVUSE | CIS | ||
| Status | Medium Risk | ||
| Summary | Usages of powerful system privileges are not sufficiently audited. | ||
| Details | Auditing not enabled: CREATE ANY TRIGGER, SELECT ANY DICTIONARY Traditional audit - auditing enabled: (none) Unified audit - auditing enabled: ALTER ANY SQL TRANSLATION PROFILE, BECOME USER, CREATE ANY JOB, CREATE ANY PROCEDURE, CREATE ANY SQL TRANSLATION PROFILE, EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY, LOGMINING, TRANSLATE ANY SQL | ||
| Remarks | Usage of powerful system privileges should always be audited. Each privilege listed here should be included in at least one enabled audit policy. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.14, 5.2.18 | ||
| AUDIT.CONN | CIS | ||
| Status | Medium Risk | ||
| Summary | Database connections are not sufficiently audited. | ||
| Details | Auditing not enabled: LOGOFF Traditional audit - auditing enabled: (none) Unified audit - auditing enabled: LOGON | ||
| Remarks | Successful user connections to the database should be audited to assist with future forensic analysis. Unsuccessful connection attempts can provide early warning of an attacker's attempt to gain access to the database. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 5.1.22, 5.2.27 | ||
| AUDIT.FGA | |||
| Status | Advisory | ||
| Summary | No fine grained audit policies found. | ||
| Details | Users with EXECUTE on SYS.DBMS_FGA: GSMADMIN_INTERNAL, O12TEST, SYSTEM | ||
| Remarks | Fine Grained Audit policies can record highly specific activity, such as access to particular table columns or access that occurs under specified conditions. This is a useful way to monitor unexpected data access while avoiding unnecessary audit records that correspond to normal activity. | ||
| AUDIT.UNIFIED | |||
| Status | Evaluate | ||
| Summary | Found 7 unified audit policies. Found 49 objects or statements being audited. | ||
| Details | Policy ORA_ACCOUNT_MGMT (Disabled): Audits 9 objects/statements Policy ORA_CIS_RECOMMENDATIONS (Disabled): Audits 26 objects/statements Policy ORA_DATABASE_PARAMETER (Disabled): Audits 3 objects/statements Policy ORA_LOGON_FAILURES (Enabled): Audits 1 objects/statements Policy ORA_RAS_POLICY_MGMT (Disabled): Audits 35 objects/statements Policy ORA_RAS_SESSION_MGMT (Disabled): Audits 14 objects/statements Policy ORA_SECURECONFIG (Enabled): Audits 48 objects/statements | ||
| Remarks | Unified Audit, available in Oracle Database 12.1 and later releases, combines multiple audit trails into a single unified view. It also introduces new syntax for specifying effective audit policies. | ||
| Name | Value |
|---|---|
| AUDIT_FILE_DEST | /u00/app/oracle/admin/TVDNCDB/adump |
| AUDIT_SYSLOG_LEVEL | |
| AUDIT_SYS_OPERATIONS | TRUE |
| AUDIT_TRAIL | DB |
| COMPATIBLE | 12.2.0 |
| CURSOR_BIND_CAPTURE_DESTINATION | memory+disk |
| DBFIPS_140 | FALSE |
| DISPATCHERS | (PROTOCOL=TCP) (SERVICE=TVDNCDBXDB) |
| ENCRYPT_NEW_TABLESPACES | CLOUD_ONLY |
| GLOBAL_NAMES | FALSE |
| LDAP_DIRECTORY_ACCESS | NONE |
| LDAP_DIRECTORY_SYSAUTH | no |
| O7_DICTIONARY_ACCESSIBILITY | FALSE |
| OS_AUTHENT_PREFIX | ops$ |
| OS_ROLES | FALSE |
| PDB_LOCKDOWN | |
| PDB_OS_CREDENTIAL | |
| REMOTE_LISTENER | |
| REMOTE_LOGIN_PASSWORDFILE | EXCLUSIVE |
| REMOTE_OS_AUTHENT | FALSE |
| REMOTE_OS_ROLES | FALSE |
| RESOURCE_LIMIT | TRUE |
| SEC_CASE_SENSITIVE_LOGON | TRUE |
| SEC_MAX_FAILED_LOGIN_ATTEMPTS | 3 |
| SEC_PROTOCOL_ERROR_FURTHER_ACTION | (DROP,3) |
| SEC_PROTOCOL_ERROR_TRACE_ACTION | TRACE |
| SEC_RETURN_SERVER_RELEASE_BANNER | FALSE |
| SQL92_SECURITY | TRUE |
| UNIFIED_AUDIT_SGA_QUEUE_SIZE | 1048576 |
| UTL_FILE_DIR | |
| CONF.SYSOBJ | CIS | ||
| Status | Pass | ||
| Summary | Access to dictionary objects is properly limited. | ||
| Details | O7_DICTIONARY_ACCESSIBILITY=FALSE | ||
| Remarks | When O7_DICTIONARY_ACCESSIBILITY is set to FALSE, tables owned by SYS are not affected by the ANY TABLE system privileges. This parameter should always be set to FALSE because tables owned by SYS control the overall state of the database and should not be subject to manipulation by users with ANY TABLE privileges. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.5 | ||
| CONF.INFER | CIS | ||
| Status | Pass | ||
| Summary | Data inference attacks are properly blocked. | ||
| Details | SQL92_SECURITY=TRUE | ||
| Remarks | When SQL92_SECURITY is set to TRUE, UPDATE and DELETE statements that refer to a column in their WHERE clauses will succeed only when the user has the privilege to SELECT from the same column. This parameter should be set to TRUE so that this requirement is enforced in order to prevent users from inferring the value of a column which they do not have the privilege to view. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.17 | ||
| CONF.NETCOM | CIS | ||
| Status | Pass | ||
| Summary | Examined 4 initialization parameters. No issues found. | ||
| Details | REMOTE_LISTENER='' SEC_PROTOCOL_ERROR_FURTHER_ACTION=(DROP,3) SEC_PROTOCOL_ERROR_TRACE_ACTION=TRACE SEC_RETURN_SERVER_RELEASE_BANNER=FALSE | ||
| Remarks | REMOTE_LISTENER allows a network listener running on another system to be used. This parameter should normally be unset to ensure that the local listener is used. The SEC_PROTOCOL_ERROR parameters control the database server's response when it receives malformed network packets from a client. Because these malformed packets may indicate an attempted attack by a malicious client, the parameters should be set to log the incident and terminate the connection. SEC_RETURN_SERVER_RELEASE_BANNER should be set to FALSE to limit the information that is returned to an unauthenticated client, which could be used to help determine the server's vulnerability to a remote attack. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.7, 2.2.14, 2.2.15, 2.2.16 | ||
| CONF.EXTAUTH | CIS | ||
| Status | Pass | ||
| Summary | Examined 3 initialization parameters. No issues found. | ||
| Details | REMOTE_OS_AUTHENT=FALSE REMOTE_OS_ROLES=FALSE OS_ROLES=FALSE | ||
| Remarks | The OS_ROLES parameter determines whether roles granted to users are controlled by GRANT statements in the database or by the database server's operating system. REMOTE_OS_AUTHENT and REMOTE_OS_ROLES allow the client operating system to set the database user and roles. All of these parameters should be set to FALSE so that the authorizations of database users are managed by the database itself. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.6, 2.2.9, 2.2.10 | ||
| CONF.FILESYS | CIS | ||
| Status | Pass | ||
| Summary | Examined 1 initialization parameter. No issues found. | ||
| Details | UTL_FILE_DIR='' | ||
| Remarks | The UTL_FILE_DIR parameter controls which part of the server's file system can be accessed by PL/SQL code. Because the directories specified in the UTL_FILE_DIR parameter may be accessed by any database user, it should be set to specify one or more safe directories that do not contain restricted files such as the configuration or data files for the database. For maximum security, use directory objects which allow finer grained control of access, rather than relying on this parameter. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.11 | ||
| CONF.TRACE | CIS | ||
| Status | Pass | ||
| Summary | Examined 0 initialization parameters. No issues found. | ||
| Remarks | The hidden parameter _TRACE_FILES_PUBLIC determines whether trace files generated by the database should be accessible to all OS users. Since these files may contain sensitive information, access should be limited by setting this parameter to TRUE. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.18 | ||
| CONF.TRIG | |||
| Status | Low Risk | ||
| Summary | No logon triggers found. Found 1 disabled trigger. | ||
| Details | Disabled triggers: HR.SECURE_EMPLOYEES | ||
| Remarks | A trigger is code that executes whenever a specific event occurs, such as inserting data in a table or connecting to the database. Disabled triggers are a potential cause for concern because whatever protection or monitoring they may be expected to provide is not active. | ||
| CONF.CONST | |||
| Status | Low Risk | ||
| Summary | Found 4 disabled constraints. | ||
| Details | Disabled constraints: STS_CHUNKS on GSMADMIN_INTERNAL.SHARD_TS, COSTS_CHANNEL_FK on SH.COSTS, COSTS_PROMO_FK on SH.COSTS, SUPP_DEMO_PK on SH.SUPPLEMENTARY_DEMOGRAPHICS | ||
| Remarks | Constraints are used to enforce and guarantee specific relationships between data items stored in the database. Disabled constraints are a potential cause for concern because the conditions they ensure are not enforced. | ||
| CONF.EXTPROC | CIS | ||
| Status | Evaluate | ||
| Summary | Found 5 external procedures. No external services found. | ||
| Details | External procedures: ORDSYS.ORDIMLIBS, SYS.DBMSHADOOPLIB, SYS.DBMS_SUMADV_LIB, SYS.DM$RQEXTLIB, SYS.KUBSAGT_LIB | ||
| Remarks | External procedures allow code written in other languages to be executed from PL/SQL. Note that modifications to external code cannot be controlled by the database. Be careful to ensure that only trusted code libraries are available to be executed. Although the database can spawn its own process to execute the external procedure, it is advisable to configure a listener service for this purpose so that the external code can run as a less-privileged OS user. The listener configuration should set EXTPROC_DLLS to identify the specific shared library code that can be executed rather than using the default value ANY. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.1.2 | ||
| CONF.DIR | |||
| Status | High Risk | ||
| Summary | Found 17 directory objects. Found 1 directory object allowing access to restricted Oracle directory paths. Found 1 directory object with both write and execute access. | ||
| Details | Directory Name: DATA_FILE_DIR Path = /u00/app/oracle/demos/common/db-sample-schemas-master/sales_history/ Users or roles with access: SH(READ) Directory Name: DATA_PUMP_DIR Path = /u00/app/oracle/admin/TVDNCDB/dpdump/ Users or roles with access: EXP_FULL_DATABASE(READ), EXP_FULL_DATABASE(WRITE), IMP_FULL_DATABASE(READ), IMP_FULL_DATABASE(WRITE), SCOTT(EXECUTE), SCOTT(READ), SCOTT(WRITE) Directory Name: LOG_FILE_DIR Path = //u00/app/oracle/demos/common/db-sample-schemas-master/log/ Users or roles with access: SH(READ), SH(WRITE) Directory Name: MEDIA_DIR Path = /u00/app/oracle/demos/common/db-sample-schemas-master/product_media/ Users or roles with access: PM(READ) Directory Name: OPATCH_INST_DIR Path = /u00/app/oracle/product/12.2.0.1/OPatch/ Directory Name: OPATCH_LOG_DIR Path = /u00/app/oracle/product/12.2.0.1/QOpatch/ Directory Name: OPATCH_SCRIPT_DIR Path = /u00/app/oracle/product/12.2.0.1/QOpatch/ Directory Name: ORACLE_BASE Path = /u00/app/oracle/ Directory Name: ORACLE_HOME Path = /u00/app/oracle/product/12.2.0.1/ Directory Name: ORACLE_OCM_CONFIG_DIR Path = /u00/app/oracle/product/12.2.0.1/ccr/state/ Users or roles with access: ORACLE_OCM(READ), ORACLE_OCM(WRITE) Directory Name: ORACLE_OCM_CONFIG_DIR2 Path = /u00/app/oracle/product/12.2.0.1/ccr/state/ Users or roles with access: ORACLE_OCM(READ), ORACLE_OCM(WRITE) Directory Name: ORA_DBMS_FCP_ADMINDIR Path = /u00/app/oracle/product/12.2.0.1/rdbms/admin/ Directory Name: ORA_DBMS_FCP_LOGDIR Path = /u00/app/oracle/product/12.2.0.1/cfgtoollogs/ Directory Name: SS_OE_XMLDIR Path = /u00/app/oracle/demos/common/db-sample-schemas-master/order_entry/ Users or roles with access: OE(READ), OE(WRITE) Directory Name: SUBDIR Path = /u00/app/oracle/demos/common/db-sample-schemas-master/order_entry//2002/Sep/ Users or roles with access: OE(READ), OE(WRITE) Directory Name: XMLDIR Path = /u00/app/oracle/product/12.2.0.1/rdbms/xml/ Directory Name: XSDDIR Path = /u00/app/oracle/product/12.2.0.1/rdbms/xml/schema/ $ORACLE_HOME: ORACLE_HOME Directories with both write and execute access: DATA_PUMP_DIR | ||
| Remarks | Directory objects allow access to the server's file system from PL/SQL code within the database. Access to files that are used by the database kernel itself should not be permitted, as this may alter the operation of the database and bypass its access controls. | ||
| CONF.LINKS | CIS | ||
| Status | Evaluate | ||
| Summary | Found 1 database link. | ||
| Details | GLOBAL_NAMES=FALSE Users with CREATE DATABASE LINK privilege: BI, GGSYS, GSMADMIN_INTERNAL, HR, IX, O12TEST, OE, SH, SYSTEM Users with CREATE PUBLIC DATABASE LINK privilege: GSMADMIN_INTERNAL, O12TEST, SYSTEM Private links: SYS: SYS_HUB.TRIVADISTRAINING.COM | ||
| Remarks | Database links allow users to execute SQL statements that access tables in other databases. This allows for both querying and storing data on the remote database. It is advisable to set GLOBAL_NAMES to TRUE in order to ensure that link names match the databases they access. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.2.3 | ||
| CONF.NETACL | |||
| Status | Evaluate | ||
| Summary | Found 2 network ACLs. | ||
| Details | NETWORK_ACL_4A5F6219EFE81A5FE0536538A8C0BF1D (Host: *, Ports: Min - Max) Principal: GGSYS, Action: deny, Privilege: resolve Principal: GSMADMIN_INTERNAL, Action: deny, Privilege: resolve Principal: EMAIL_SCHREIBEN, Action: deny, Privilege: smtp NETWORK_ACL_51ECA9E30D771C22E0536638A8C0C070 (Host: 10.1.12.250, Ports: 25 - 25) Principal: GGSYS, Action: deny, Privilege: resolve Principal: GSMADMIN_INTERNAL, Action: deny, Privilege: resolve Principal: EMAIL_SCHREIBEN, Action: deny, Privilege: smtp | ||
| Remarks | Network ACLs control the external servers that database users can access using network packages such as UTL_TCP and UTL_HTTP. Specifically, a database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To convert between a host name and its IP address using the UTL_INADDR package, the resolve privilege is required. Make sure that these permissions are limited to the minimum required by each user. | ||
| CONF.XMLACL | |||
| Status | Evaluate | ||
| Summary | Found 9 XML Database ACLs. | ||
| Details | Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Public:All privileges to PUBLIC Principal: PUBLIC, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Private:All privileges to OWNER only and not accessible to others Principal: dav:owner, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Read-Only:Readable by all and writeable by none Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read-properties, read-contents, read-acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all | ||
| Remarks | XML ACLs control access to database resources using the XML DB feature. Every resource in the Oracle XML DB Repository hierarchy has an associated ACL. The ACL mechanism specifies a privilege-based access control for resources to principals, which are database users or roles. Whenever a resource is accessed, a security check is performed, and the ACL determines if the requesting user has sufficient privileges to access the resource. Make sure that these privileges are limited to the minimum required by each user. | ||
| NET.CRYPT | |||
| Status | Medium Risk | ||
| Summary | Native encryption is accepted but not required. Integrity check using checksums is accepted but not required. | ||
| Details | SQLNET.ENCRYPTION_SERVER is not set (default value = ACCEPTED). SQLNET.CRYPTO_CHECKSUM_SERVER is not set (default value = ACCEPTED). Examined 1 listener. LISTENER: IPC (1), TCP (1), TCPS (0) SSL_CERT_REVOCATION is not set (default value = NONE). | ||
| Remarks | Network encryption protects the confidentiality and integrity of communication between the database server and its clients. Either Native Encryption or TLS should be enabled. For Native Encryption, both ENCRYPTION_SERVER and CRYPTO_CHECKSUM_SERVER should be set to REQUIRED. If TLS is used, TCPS should be specified for all network ports and SSL_CERT_REVOCATION should be set to REQUIRED. | ||
| NET.CLIENTS | |||
| Status | Medium Risk | ||
| Summary | Valid node check is not enabled. Neither TCP.INVITED_NODES nor TCP.EXCLUDED_NODES is set. | ||
| Details | TCP.VALIDNODE_CHECKING is not set (default value = NO). Recommended value is YES. TCP.INVITED_NODES is not set. TCP.EXCLUDED_NODES is not set. | ||
| Remarks | TCP.VALIDNODE_CHECKING should be enabled to control which client nodes can connect to the database server. Either a whitelist of client nodes allowed to connect (TCP.INVITED_NODES) or a blacklist of nodes that are not allowed (TCP.EXCLUDED_NODES) may be specified. Configuring both lists is an error; only the invited node list will be used in this case. | ||
| NET.BANNER | |||
| Status | Low Risk | ||
| Summary | Connect banners are not fully configured. | ||
| Details | SEC_USER_AUDIT_ACTION_BANNER is not set. Should be set to a proper value. SEC_USER_UNAUTHORIZED_ACCESS_BANNER is not set. Should be set to a proper value. | ||
| Remarks | These banner messages are used to warn connecting users that unauthorized access is not permitted and that their activities may be audited. | ||
| NET.COST | CIS | ||
| Status | Medium Risk | ||
| Summary | Examined 1 listener. Found 1 listener not configured properly. | ||
| Details | Listeners not configured properly: LISTENER Parameter setting for LISTENER: ADMIN_RESTRICTIONS_LISTENER=ON. DYNAMIC_REGISTRATION_LISTENER is not set (default value = ON). Recommended value is OFF. VALID_NODE_CHECKING_REGISTRATION_LISTENER is not set (default value = OFF). Should not be set to OFF. SECURE_PROTOCOL_LISTENER is not set. SECURE_CONTROL_LISTENER is not set. SECURE_REGISTER_LISTENER is not set. | ||
| Remarks | These parameters are used to limit changes to the network listener configuration. ADMIN_RESTRICTIONS should be enabled to prevent parameter changes to the running listener. One of the following restrictions on service registration should be implemented: (a) prevent changes by disabling DYNAMIC_REGISTRATION, (b) limit the nodes that can make changes by enabling VALID_NODE_CHECKING_REGISTRATION, or (c) limit the network sources for changes using the COST parameters SECURE_PROTOCOL, SECURE_CONTROL, and SECURE_REGISTER. | ||
| References | CIS Oracle Database 12c Benchmark v2.0.0: Recommendation 2.1.1, 2.1.3, 2.1.4 | ||
| NET.LISTENLOG | |||
| Status | Pass | ||
| Summary | Examined 1 listener. Found 0 listeners not configured properly. | ||
| Details | Listeners configured properly: LISTENER Parameter setting for LISTENER: LOGGING_LISTENER=ON. | ||
| Remarks | This parameter enables logging of listener activity. Log information can be useful for troubleshooting and to provide early warning of attempted attacks. | ||
| OS.AUTH | |||
| Status | Evaluate | ||
| Summary | 1 OS user can connect to the database via OS authentication. | ||
| Details | SYSDBA [dba group]: oracle SYSOPER [oper group]: oracle SYSBACKUP [backupdba group]: oracle SYSKM [kmdba group]: oracle SYSDG [dgdba group]: oracle SYSRAC [racdba group]: oracle | ||
| Remarks | OS authentication allows operating system users within the specified user group to connect to the database with administrative privileges. This shows the OS group names and users that can exercise each administrative privilege. | ||
| OS.PMON | |||
| Status | Pass | ||
| Summary | Found 1 PMON process. The owner of the PMON process matches the ORACLE_HOME owner. | ||
| Details | PMON process: ora_pmon_TVDNCDB, Owner: oracle ORACLE_HOME owner: oracle | ||
| Remarks | The PMON process monitors user processes and frees resources when they terminate. This process should run with the user ID of the ORACLE_HOME owner. | ||
| OS.AGENT | |||
| Status | Pass | ||
| Summary | No Agent processes found. Agent process owners do not overlap with Listener or PMON process owners. | ||
| Remarks | Agent processes are used by Oracle Enterprise Manager to monitor and manage the database. These processes should run with a user ID separate from the database and listener processes. | ||
| OS.LISTEN | |||
| Status | Low Risk | ||
| Summary | Found 1 Listener process. Some Listener process owners overlap with Agent or PMON process owners. | ||
| Details | Owner: oracle Command: /u00/app/oracle/product/12.2.0.1/bin/tnslsnr LISTENER -inherit | ||
| Remarks | Listener processes accept incoming network connections and connect them to the appropriate database server process. These processes should run with a user ID separate from the database and agent processes. | ||
| OS.FILES | |||
| Status | Medium Risk | ||
| Summary | Examined 291 files. Found 1 error. | ||
| Details | ORACLE_HOME: /u00/app/oracle/product/12.2.0.1 ORACLE_HOME owner: oracle Directories: 2 (0 permission errors) Executables in $ORACLE_HOME/bin: 265 (0 permission errors) Configuration files in $TNS_ADMIN: 2 (0 permission errors) Data files in $ORACLE_HOME/dbs: 22 (1 permission errors) Files with permission errors: dbs/init.ora (rw-r--r-- should be rw-r-----) | ||
| Remarks | The ORACLE_HOME directory and its subdirectories contain files that are critical to the correct operation of the database, including executable programs, data files, and configuration files. Operating system file permissions must not allow these files to be modified by users other than the ORACLE_HOME owner and must not allow other users to directly read the contents of Oracle data files. | ||
This report provides information and recommendations that may be helpful in securing your Oracle database system. These recommendations reflect best practices for database security and should be part of any strategy for Data Protection by Design and by Default. These practices may help in addressing Articles 25 and 32 of the EU General Data Protection Regulation as well as other data privacy regulations. Technical controls alone are not sufficient for compliance. Passing all findings does not guarantee compliance.
The report provides a view on the current status. The results shown are provided for informational purposes only and should not be used as a substitute for a thorough analysis or interpreted to contain any legal or regulatory advice or guidance.
You are solely responsible for your system, and the data and information gathered during the production of this report. You are also solely responsible for the execution of software to produce this report, and for the effect and results of the execution of any mitigating actions identified herein.
Oracle provides this analysis on an "as is" basis without warranty of any kind and Oracle hereby disclaims all warranties and conditions whether express, implied or statutory.