Usage Scenario



J.K Avro Superstore has a web-store front through which a customer can browse through the products and place his purchase order. After the customer checks out the products in his cart, he is given a form to fill in sensitive information like credit card number and other confidential information. Once submitted, this data is stored in table 'credit_card' and the purchase order placed by the customer is placed in table 'PurchaseOrder'. Every purchase order placed will have a corresponding entry in table 'Sales'.

The data in table 'credit_card' contains customer confidential information which should be accessed by authorized user in an absolute needed basis. The data in the table 'Sales' is monitored by sales managers of respective regions. In this scenario we introduce different users to demonstrate the restricted access to the table 'credit_card' based on the authorities and privileges granted to them. The different users are


prerequisite: These users must be created on the operating system before starting with this workshop.

To avoid any security threats, J.K Avro Superstore decides to implement the following Data Governance policies to get close to PCI compliance.