How I Built a SQL-Driven User Access Review & Compliance Audit
Source: Dev.to
Introduction
One of the most common findings in a compliance audit is simple: the wrong people still have access to systems they shouldn’t. Terminated employees. Sales reps with admin rights. Accounts that haven’t been touched in months.
The Scenario
Terminated employees must have database access revoked within 24 hours.
Your job: write SQL audit queries to find every policy violation.
Step 1 — Building the Mock Database
INSERT INTO user_access VALUES (101, 'Alice Smith', 'IT', 'Admin', 'Active', '2026-02-01', NULL);
Step 2 — The Audit Queries
- Audit 2: Privilege Escalation Check — Non‑IT/DevOps users with Admin rights
- Audit 3: Stale Account Detection — No login in 90+ days
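The 24-hour revocation policy from the scenario and Audits 2 and 3 as runnable queries, an added example rather than the author's code. It is written for SQLite; the column names, the fixed audit date 2026-03-31 and every row except Alice's are assumptions constructed for illustration.

```sql
-- Added example (SQLite). Column names are assumed, not taken from the article.
-- Rows 102-106 are constructed sample data; row 101 is the article's own.
CREATE TABLE user_access (
    user_id          INTEGER PRIMARY KEY,
    full_name        TEXT NOT NULL,
    department       TEXT NOT NULL,
    role             TEXT NOT NULL,
    account_status   TEXT NOT NULL,   -- assumed: state of the DB account
    last_login       TEXT,            -- ISO date; NULL = never logged in
    termination_date TEXT             -- ISO date; NULL = still employed
);

INSERT INTO user_access VALUES
    (101, 'Alice Smith', 'IT',      'Admin',      'Active',   '2026-02-01', NULL),
    (102, 'Bob Jones',   'Sales',   'Admin',      'Active',   '2026-03-20', NULL),
    (103, 'Carol Diaz',  'Finance', 'Read-Only',  'Active',   '2025-11-15', NULL),
    (104, 'Dan Wu',      'DevOps',  'Admin',      'Active',   '2026-03-01', '2026-03-10'),
    (105, 'Eve Park',    'HR',      'Read-Only',  'Disabled', '2026-01-05', '2026-01-06'),
    (106, 'Frank Lee',   'Sales',   'Read-Write', 'Active',   NULL,         NULL);

-- Scenario policy: terminated more than 24 hours before the audit date,
-- but the database account is still active.
SELECT user_id, full_name, termination_date
FROM user_access
WHERE termination_date IS NOT NULL
  AND account_status = 'Active'
  AND julianday('2026-03-31') - julianday(termination_date) > 1;

-- Audit 2: Admin rights held outside IT/DevOps.
SELECT user_id, full_name, department, role
FROM user_access
WHERE role = 'Admin'
  AND department NOT IN ('IT', 'DevOps');

-- Audit 3: active accounts with no login in 90+ days. The IS NULL branch matters:
-- julianday(NULL) is NULL, so never-used accounts would otherwise be dropped silently.
SELECT user_id, full_name, last_login
FROM user_access
WHERE account_status = 'Active'
  AND (last_login IS NULL
       OR julianday('2026-03-31') - julianday(last_login) >= 90);
```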
Step 3 — The GRC Executive Summary
Audit Finding Report — Q1 2026
What I Learned
(Content omitted in the original source.)