Scenario: ExampleBANK using row and column access control - Data queries

Newton, Zurbie, and Plato each connect to the database and try the following SQL query:

SELECT * FROM RCACTSPM.CUSTOMER;

Results of the query vary according to who runs the query. The row and column access control rules created by the security administrator are applied on these queries.

Here is the result set Newton sees:

ACCOUNT             NAME                 INCOME      BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice                      22000 A     
xxxx-xxxx-xxxx-5555 Bob                        71000 A     

  2 record(s) selected.

Newton, being a teller at branch A, can see only ExampleBANK clients that belong to that branch.

Here is the result set Zurbie sees:

ACCOUNT             NAME                 INCOME      BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice                      22000 A     
xxxx-xxxx-xxxx-5555 Bob                        71000 A     
xxxx-xxxx-xxxx-6666 Carl                      123000 B     
xxxx-xxxx-xxxx-7777 David                     172000 C     

  4 record(s) selected.

Zurbie, being a customer service representative, can see all ExampleBANK clients in the system, but not their full account number unless he uses the ACCOUNTS.ACCTUPDATE application. Since this query was issued outside of ACCOUNTS.ACCTUPDATE, part of that number is masked.

Here is the result set Plato sees:

ACCOUNT             NAME                 INCOME      BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice                      22000 A     
xxxx-xxxx-xxxx-5555 Bob                        71000 A     
xxxx-xxxx-xxxx-6666 Carl                      123000 B     
xxxx-xxxx-xxxx-7777 David                     172000 C     

  4 record(s) selected.

Plato, being a telemarketer, can see all ExampleBANK clients in the system.