26 lines
1015 B
SQL
Executable File
26 lines
1015 B
SQL
Executable File
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
|
|
|
CREATE USER dds_audit_analyst IDENTIFIED BY "Welcome1_Audit!" ACCOUNT UNLOCK;
|
|
GRANT CREATE SESSION TO dds_audit_analyst;
|
|
|
|
CREATE END USER auditor IDENTIFIED BY "Welcome1_DDS!";
|
|
CREATE END USER payment_operator IDENTIFIED BY "Welcome1_DDS!";
|
|
|
|
CREATE DATA ROLE audit_read_role;
|
|
CREATE DATA ROLE payment_operator_role;
|
|
|
|
CREATE ROLE audit_session_role;
|
|
GRANT CREATE SESSION TO audit_session_role;
|
|
GRANT audit_session_role TO audit_read_role;
|
|
GRANT audit_session_role TO payment_operator_role;
|
|
|
|
-- Vulnerable baseline: this broad legacy role simulates an operational payment
|
|
-- application that grants direct table access before DDS is enforced.
|
|
CREATE ROLE audit_legacy_broad_access_role;
|
|
GRANT SELECT ON dds_audit_payments TO audit_legacy_broad_access_role;
|
|
GRANT audit_legacy_broad_access_role TO audit_read_role;
|
|
GRANT audit_legacy_broad_access_role TO payment_operator_role;
|
|
|
|
GRANT DATA ROLE audit_read_role TO auditor;
|
|
GRANT DATA ROLE payment_operator_role TO payment_operator;
|