Only authorized users should be granted access to Analysis Services data sources.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15180	DM6193-SQLServer9	SV-25499r1_rule	ECAN-1	Medium

Description
Access control applied to data sources controls user access to remotely defined systems using the authentication and authorizations defined for the data source. Unauthorized access to the data source in turn provides unauthorized access to remote systems.

STIG	Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-13828r1_chk )
From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. For each Analysis Services database: a. Expand the database b. Expand Roles c. For each role listed: i. Right-click on the role ii. Select Properties iii. Select the Data Sources page Review the list of data sources listed for the role against authorized roles in the System Security Plan. If access to any unauthorized data sources is assigned to the role, this is a Finding. If documentation does not exist or is insufficient to determine authorized access, this is a Finding.

Check Text ( C-13828r1_chk )

From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. For each Analysis Services database:
a. Expand the database
b. Expand Roles
c. For each role listed:
i. Right-click on the role
ii. Select Properties
iii. Select the Data Sources page

Review the list of data sources listed for the role against authorized roles in the System Security Plan.

If access to any unauthorized data sources is assigned to the role, this is a Finding.

If documentation does not exist or is insufficient to determine authorized access, this is a Finding.

Fix Text (F-14849r1_fix)
Document all roles authorized to access data sources in the System Security Plan. Remove any unauthorized data sources from roles.