33 lines
1.2 KiB
SQL
Executable File
33 lines
1.2 KiB
SQL
Executable File
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
|
|
|
CREATE END USER nina IDENTIFIED BY "Welcome1_DDS!";
|
|
CREATE END USER heitor IDENTIFIED BY "Welcome1_DDS!";
|
|
CREATE END USER sofia IDENTIFIED BY "Welcome1_DDS!";
|
|
CREATE END USER carlos IDENTIFIED BY "Welcome1_DDS!";
|
|
|
|
CREATE DATA ROLE rag_employee_role;
|
|
CREATE DATA ROLE rag_hr_role;
|
|
CREATE DATA ROLE rag_legal_role;
|
|
CREATE DATA ROLE rag_exec_role;
|
|
|
|
CREATE ROLE rag_session_role;
|
|
GRANT CREATE SESSION TO rag_session_role;
|
|
GRANT rag_session_role TO rag_employee_role;
|
|
GRANT rag_session_role TO rag_hr_role;
|
|
GRANT rag_session_role TO rag_legal_role;
|
|
GRANT rag_session_role TO rag_exec_role;
|
|
|
|
-- Vulnerable baseline: this broad role simulates a RAG retrieval layer that can
|
|
-- query every chunk before DDS is enforced.
|
|
CREATE ROLE rag_legacy_retrieval_role;
|
|
GRANT SELECT ON dds_rag_chunks TO rag_legacy_retrieval_role;
|
|
GRANT rag_legacy_retrieval_role TO rag_employee_role;
|
|
GRANT rag_legacy_retrieval_role TO rag_hr_role;
|
|
GRANT rag_legacy_retrieval_role TO rag_legal_role;
|
|
GRANT rag_legacy_retrieval_role TO rag_exec_role;
|
|
|
|
GRANT DATA ROLE rag_employee_role TO nina;
|
|
GRANT DATA ROLE rag_hr_role TO heitor;
|
|
GRANT DATA ROLE rag_legal_role TO sofia;
|
|
GRANT DATA ROLE rag_exec_role TO carlos;
|