Ensure that "cross db ownership chaining" database flag is disabled for your Google Cloud SQL Server database instances.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
The "cross db ownership chaining" configuration flag allows you to control cross-database ownership chaining at the SQL Server database level or to allow cross-database ownership chaining for all SQL Server databases. Enabling "cross db ownership chaining" flag is not recommended unless all of the databases hosted by the SQL Server need to participate in cross-database ownership chaining and you are fully aware of the security implications of this configuration setting.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the SQL Server instance from the Google Cloud SQL Service Level Agreement (SLA).
Audit
To determine if "cross db ownership chaining" flag is disabled for your Google Cloud SQL Server database instances, perform the following operations:
Remediation / Resolution
To turn off the "cross db ownership chaining" database flag for your Google Cloud Platform (GCP) SQL Server database instances, perform the following actions:
References
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for SQL Server
- Configuring database flags
- Editing instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- SQL Server Database Documentation
- cross db ownership chaining Server Configuration Option
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud sql instances list
- gcloud sql instances describe
- gcloud sql instances patch
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Disable "Cross DB Ownership Chaining" Flag for SQL Server Database Instances
Risk Level: Medium