Replaces the original APAC-vs-all 2-user demo (vpduser_a/b on
KR_ANALYSTS/GLOBAL_ADMINS groups) with a 2x2 source-access matrix:
vpduser_my -> MY_ONLY group -> MySQL view only
vpduser_pg -> PG_ONLY group -> Postgres view only
vpduser_both -> BOTH_SOURCES group -> both views
vpduser_none -> (no group) -> nothing (default deny)
Why: source-level segmentation is the more common production
permission story than region-level filtering. Region filtering
remains available as an opt-in variant via commented UPDATE in
sql/adb/03_seed.sql.
Key changes:
- 03_seed.sql, 07_end_users.sql, 00_cleanup.sql, .env.example,
run.sh updated for the new 4-user model. All 4 users get
identical view GRANTs; the only differentiator is the
permission table (proves the model is "data-driven, not
GRANT-driven").
- 08-11 split into one file per user: my (+ 5 bypass attempts),
pg, both, none (default-deny verification).
- 12_tests_admin_audit.sql uses LEFT JOIN so vpduser_none shows
up as NULL permissions, and filters by object_owner=USER to
exclude cross-schema policies.
- Removed inline "-- comment" after ";" lines in 03_seed.sql:
SQL*Plus silently skipped the inserts (documented gotcha).
- README.md + docs/01,02 updated for the 4-user matrix. docs/03
detailed guide keeps the region-filter example but now has a
preface explaining it's a variant of the default 4-user model.
- docs/04: db_type='mysql_community' note added (RDS MySQL).
E2E verified: PG=0/MY=17, PG=12/MY=0, PG=12/MY=17, PG=0/MY=0
plus all 5 bypass attempts blocked.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
