joungmin/vpd-permission-poc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pivot scenario from region-based 2 users to source-based 4 users

Browse Source 
Replaces the original APAC-vs-all 2-user demo (vpduser_a/b on
KR_ANALYSTS/GLOBAL_ADMINS groups) with a 2x2 source-access matrix:

  vpduser_my    -> MY_ONLY      group  -> MySQL view only
  vpduser_pg    -> PG_ONLY      group  -> Postgres view only
  vpduser_both  -> BOTH_SOURCES group  -> both views
  vpduser_none  -> (no group)          -> nothing (default deny)

Why: source-level segmentation is the more common production
permission story than region-level filtering. Region filtering
remains available as an opt-in variant via commented UPDATE in
sql/adb/03_seed.sql.

Key changes:
- 03_seed.sql, 07_end_users.sql, 00_cleanup.sql, .env.example,
  run.sh updated for the new 4-user model. All 4 users get
  identical view GRANTs; the only differentiator is the
  permission table (proves the model is "data-driven, not
  GRANT-driven").
- 08-11 split into one file per user: my (+ 5 bypass attempts),
  pg, both, none (default-deny verification).
- 12_tests_admin_audit.sql uses LEFT JOIN so vpduser_none shows
  up as NULL permissions, and filters by object_owner=USER to
  exclude cross-schema policies.
- Removed inline "-- comment" after ";" lines in 03_seed.sql:
  SQL*Plus silently skipped the inserts (documented gotcha).
- README.md + docs/01,02 updated for the 4-user matrix. docs/03
  detailed guide keeps the region-filter example but now has a
  preface explaining it's a variant of the default 4-user model.
- docs/04: db_type='mysql_community' note added (RDS MySQL).

E2E verified: PG=0/MY=17, PG=12/MY=0, PG=12/MY=17, PG=0/MY=0
plus all 5 bypass attempts blocked.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
devmrko
2026-05-26 14:42:11 +09:00
parent 68d53dc5a9
commit ed91306ee3
17 changed files with 424 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/01-quickstart.md
View File

@@ -53,8 +53,8 @@ $EDITOR .env
| `PG_HOST` 등 | 원격 Postgres 연결정보 |
| `MY_HOST` 등 | 원격 MySQL 연결정보 |
VPDUSER A/B 의 패스워드는 데모용 기본값이 들어있으니 그대로 써도 무방하지만,
공유 환경이면 바꿔주세요.
VPDUSER (`my` / `pg` / `both` / `none`) 의 패스워드는 데모용 기본값이 들어있으니 그대로
써도 무방하지만, 공유 환경이면 바꿔주세요.
---
@@ -71,7 +71,7 @@ VPDUSER A/B 의 패스워드는 데모용 기본값이 들어있으니 그대로
[ OK ] Postgres source 준비 완료
[ OK ] MySQL source 준비 완료
[ OK ] ADB setup 완료
[ OK ] user_a / user_b 테스트 실행 완료 (위 출력에서 행 수 / 거부 결과 확인)
[ OK ] 4명 (MY / PG / BOTH / NONE) 테스트 실행 완료 (위 출력에서 행 수 / 거부 결과 확인)
[ OK ] audit 완료
[ OK ] === ALL DONE — VPD POC 전체 파이프라인 통과 ===
```
@@ -79,9 +79,15 @@ VPDUSER A/B 의 패스워드는 데모용 기본값이 들어있으니 그대로
이후 직접 검증해보고 싶으면:
```bash
# vpduser_a 로 접속 → APAC rows 만 보여야 함
sqlplus vpduser_a/${VPDUSER_A_PASSWORD}@${ADB_TNS}
SQL> SELECT region, COUNT(*) FROM admin.v_customers_pg GROUP BY region;
# vpduser_pg 로 접속 → PG 뷰는 전부 보이고 MY 뷰는 0 rows 여야 함
sqlplus vpduser_pg/${VPDUSER_PG_PASSWORD}@${ADB_TNS}
SQL> SELECT COUNT(*) FROM admin.v_customers_pg; -- 12
SQL> SELECT COUNT(*) FROM admin.v_customers_my; -- 0
# vpduser_none 으로 접속 → 양쪽 뷰 모두 0 rows (default deny)
sqlplus vpduser_none/${VPDUSER_NONE_PASSWORD}@${ADB_TNS}
SQL> SELECT COUNT(*) FROM admin.v_customers_pg; -- 0
SQL> SELECT COUNT(*) FROM admin.v_customers_my; -- 0
```
---