Files
oracle-deep-data-security-lab/scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
Rodrigo 4ab75ed578
Some checks failed
Repo Quality / structure (push) Has been cancelled
Enhance audit evidence and Data Safe scenario
2026-05-13 16:59:50 -03:00

26 lines
1015 B
SQL
Executable File

WHENEVER SQLERROR EXIT SQL.SQLCODE
CREATE USER dds_audit_analyst IDENTIFIED BY "Welcome1_Audit!" ACCOUNT UNLOCK;
GRANT CREATE SESSION TO dds_audit_analyst;
CREATE END USER auditor IDENTIFIED BY "Welcome1_DDS!";
CREATE END USER payment_operator IDENTIFIED BY "Welcome1_DDS!";
CREATE DATA ROLE audit_read_role;
CREATE DATA ROLE payment_operator_role;
CREATE ROLE audit_session_role;
GRANT CREATE SESSION TO audit_session_role;
GRANT audit_session_role TO audit_read_role;
GRANT audit_session_role TO payment_operator_role;
-- Vulnerable baseline: this broad legacy role simulates an operational payment
-- application that grants direct table access before DDS is enforced.
CREATE ROLE audit_legacy_broad_access_role;
GRANT SELECT ON dds_audit_payments TO audit_legacy_broad_access_role;
GRANT audit_legacy_broad_access_role TO audit_read_role;
GRANT audit_legacy_broad_access_role TO payment_operator_role;
GRANT DATA ROLE audit_read_role TO auditor;
GRANT DATA ROLE payment_operator_role TO payment_operator;