WHENEVER SQLERROR EXIT SQL.SQLCODE CREATE END USER alice IDENTIFIED BY "Welcome1_DDS!"; CREATE END USER bruno IDENTIFIED BY "Welcome1_DDS!"; CREATE DATA ROLE seller_role; CREATE DATA ROLE latam_manager_role; CREATE ROLE shared_app_session_role; GRANT CREATE SESSION TO shared_app_session_role; GRANT shared_app_session_role TO seller_role; GRANT shared_app_session_role TO latam_manager_role; GRANT DATA ROLE seller_role TO alice; GRANT DATA ROLE latam_manager_role TO bruno; CREATE USER dds_app IDENTIFIED BY "AppPool#2026Lab!" ACCOUNT UNLOCK; GRANT CREATE SESSION TO dds_app; -- Vulnerable baseline: this broad legacy role simulates a shared application -- account or connection pool that can query the full table before DDS is enforced. CREATE ROLE shared_app_legacy_access_role; GRANT SELECT ON dds_orders TO shared_app_legacy_access_role; GRANT shared_app_legacy_access_role TO dds_app;