Usage Scenario



J.K Avro Superstore has a web storefront through which a customer can browse products and place a purchase order. After checking out the products in the cart, the customer is given a form to fill in sensitive information such as a credit card number and other confidential details. Once submitted, this data is stored in the table 'credit_card', and the purchase order placed by the customer is recorded in the table 'PurchaseOrder'. Every purchase order placed has a corresponding entry in the table 'Sales'.

The data in the table 'credit_card' contains confidential customer information that should be accessed only by authorized users, and only when absolutely needed. The data in the table 'Sales' is monitored by the sales managers of the respective regions. In this scenario we introduce different users to demonstrate restricted access to the table 'credit_card' based on the authorities and privileges granted to them. The users to be created are shown on the next page.

To avoid security threats, J.K Avro Superstore decides to implement the following Data Governance policies to get closer to PCI compliance.