J.K Avro Superstore has a web storefront where a customer can browse the products and place a purchase order. After the customer checks out the products in the cart, the customer is given a form to fill in with sensitive information such as the credit card number and other confidential information. Once submitted, this data is stored in the 'credit_card' table, and the purchase order placed by the customer is stored in the 'PurchaseOrder' table. Every purchase order placed has a corresponding entry in the 'sales' table.
The 'credit_card' table contains confidential customer information that should be accessed by authorized users only. The data in the 'sales' table is monitored by the sales managers of the respective regions. J.K Avro Superstore has different users with restricted access to the 'credit_card' table, based on the authorities and privileges granted to them. The different users are
To become more PCI compliant, J.K Avro Superstore decides to implement the following PCI DSS requirements: