WHENEVER SQLERROR EXIT SQL.SQLCODE CREATE END USER nina IDENTIFIED BY "Welcome1_DDS!"; CREATE END USER heitor IDENTIFIED BY "Welcome1_DDS!"; CREATE END USER sofia IDENTIFIED BY "Welcome1_DDS!"; CREATE END USER carlos IDENTIFIED BY "Welcome1_DDS!"; CREATE DATA ROLE rag_employee_role; CREATE DATA ROLE rag_hr_role; CREATE DATA ROLE rag_legal_role; CREATE DATA ROLE rag_exec_role; CREATE ROLE rag_session_role; GRANT CREATE SESSION TO rag_session_role; GRANT rag_session_role TO rag_employee_role; GRANT rag_session_role TO rag_hr_role; GRANT rag_session_role TO rag_legal_role; GRANT rag_session_role TO rag_exec_role; -- Vulnerable baseline: this broad role simulates a RAG retrieval layer that can -- query every chunk before DDS is enforced. CREATE ROLE rag_legacy_retrieval_role; GRANT SELECT ON dds_rag_chunks TO rag_legacy_retrieval_role; GRANT rag_legacy_retrieval_role TO rag_employee_role; GRANT rag_legacy_retrieval_role TO rag_hr_role; GRANT rag_legacy_retrieval_role TO rag_legal_role; GRANT rag_legacy_retrieval_role TO rag_exec_role; GRANT DATA ROLE rag_employee_role TO nina; GRANT DATA ROLE rag_hr_role TO heitor; GRANT DATA ROLE rag_legal_role TO sofia; GRANT DATA ROLE rag_exec_role TO carlos;