CCE-19974-5| Platform: ms-sql2005 | Date: (C)2013-02-19 (M)2022-10-10 |
Analysis Services database roles should be configured appropriately for a specified server.
Parameter:
(1) database name
(2) database roles
(3) usernames
Technical Mechanism:
From the SQL Server Management Studio GUI:
1. Connect to the Analysis Services instance
2. Expand the Analysis Services instance
3. Expand Databases
4. Repeat for each database:
a. Click on each database role
b. Open the member list
c. Select any unauthorized users
d. Click or unclick the Remove button
e. Click OK
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| DISA STIG SQL 2005 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010 | Rule ID: V0015194 Rule Title: Only authorized accounts should be assigned to one or more Analysis Services database roles. STIG ID: DM6109 Severity: CAT II Class: Unclass |
