Improve view bypass lab before and after flow
Some checks failed
Repo Quality / structure (push) Has been cancelled
Some checks failed
Repo Quality / structure (push) Has been cancelled
This commit is contained in:
@@ -2,6 +2,7 @@ WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE END USER emma IDENTIFIED BY "Welcome1_DDS!";
|
||||
CREATE END USER marvin IDENTIFIED BY "Welcome1_DDS!";
|
||||
CREATE END USER erik IDENTIFIED BY "Welcome1_DDS!";
|
||||
|
||||
CREATE DATA ROLE account_owner_role;
|
||||
|
||||
@@ -9,5 +10,13 @@ CREATE ROLE mac_session_role;
|
||||
GRANT CREATE SESSION TO mac_session_role;
|
||||
GRANT mac_session_role TO account_owner_role;
|
||||
|
||||
-- Vulnerable baseline: this broad role simulates legacy direct table and view
|
||||
-- access before DDS mandatory enforcement is enabled.
|
||||
CREATE ROLE mac_legacy_broad_access_role;
|
||||
GRANT SELECT ON dds_mac_accounts TO mac_legacy_broad_access_role;
|
||||
GRANT SELECT ON dds_mac_accounts_view TO mac_legacy_broad_access_role;
|
||||
GRANT mac_legacy_broad_access_role TO account_owner_role;
|
||||
|
||||
GRANT DATA ROLE account_owner_role TO emma;
|
||||
GRANT DATA ROLE account_owner_role TO marvin;
|
||||
GRANT DATA ROLE account_owner_role TO erik;
|
||||
|
||||
Reference in New Issue
Block a user