Check 8.2 "Are permissions assigned to roles rather than users?" of the "CIS Security Configuration Benchmark for Microsoft SQL Server 2005 v1.1.1" standard is reporting (many) objects that apparently have permissions directly assigned however when looking at the objects reported there is no sign of permissions directly assigned to that object.
Control Compliance Suite 11.x
Microsoft SQL server 2005
Standard: CIS Security Configuration Benchmark for Microsoft SQL Server 2005 v1.1.1
Check 8.2: "Are permissions assigned to roles rather than users?"
no error message as such.
When you directly assign certain privileges to a user at database level (rather than object level) CCS will fail this check reporting one line of evidence for each object that inherited the privileges.
Looking at the objects themselves, they don't show those assigned privileges. Database level assigned privileges do not seem to show on object level in MS SQL. CCS is correct to highlight the objects with directly assigned privileges, please have a look at database level assigned privileges and correct if need be.
Subscribing will provide email updates when this Article is updated. Login is required.