The Scenario
An e-commerce firm in Johannesburg has grown quickly and experienced team changes. An internal scan reveals dozens of active database accounts: several junior developers have superuser (DBA) access to the production server, customer service staff have raw SELECT privileges on the user table containing plain-text passwords and banking data, and old employee accounts remain active.
The Brief
Perform an access audit. Create a role-based access control matrix, design a remediation plan to clean up old accounts, and write a SQL script to establish least-privilege roles.
Deliverables
- A Database Privilege Matrix (markdown table) defining logical roles (DBA, Developer, CS Agent, Report Reader) and their allowed operations (SELECT, INSERT, UPDATE, etc.) on specific schemas
- An account cleanup and audit playbook outlining how to discover stale users, rotate credentials, and restrict direct database access under POPIA requirements
- A SQL code template containing DDL commands (CREATE ROLE, GRANT, REVOKE) to implement the role segregation, including schema isolation and password complexity constraints
Submission Guidance
Under POPIA Principle 7 (Security Safeguards), you must restrict access to sensitive PII (banking/ID numbers) to only those who strictly need it. Make sure your role design prevents customer support agents from viewing sensitive data or exporting raw client lists.
Submit Your Work
Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.