Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP HANA
(SAP HANA)
Описание
The role MODELING contains the predefined analytic privilege _SYS_BI_CP_ALL, which potentially allows a user to access all the data in activated views that are protected by XMLbased analytic privileges, regardless of any other XML-based analytic privileges that apply.
The user SYSTEM has the role MODELING by default.
Do not grant this role to users, particularly in production systems. It should be used as a
role template only.
You can verify whether a user or role has the MODELING role by executing the statement:
SELECT * FROM GRANTED_ROLES WHERE ROLE_NAME ='MODELING' AND
GRANTEE NOT IN ('SYSTEM');
The user SYSTEM has the role MODELING by default.
Do not grant this role to users, particularly in production systems. It should be used as a
role template only.
You can verify whether a user or role has the MODELING role by executing the statement:
SELECT * FROM GRANTED_ROLES WHERE ROLE_NAME ='MODELING' AND
GRANTEE NOT IN ('SYSTEM');
Как исправить
Ссылки