Fix PII lab persona tests
Some checks failed
Repo Quality / structure (push) Has been cancelled

This commit is contained in:
2026-05-18 12:02:13 -03:00
parent 2188ea8e58
commit 07390ff902
6 changed files with 53 additions and 21 deletions

View File

@@ -130,6 +130,14 @@ sql 'emma/Welcome1_DDS!@ddslab_tunnel'
Expected result: Emma sees her own authorized view.
Run Emma's self-service phone update:
```sql
@scenarios/03-pii-row-column-cell/sql/05_update_phone_test.sql
```
Expected result: Emma can update only her own `PHONE` value.
### Task 4.2 - Marvin Manager Access
```sql
@@ -146,6 +154,8 @@ sql 'marvin/Welcome1_DDS!@ddslab_tunnel'
Expected result: Marvin sees direct reports and not their `SSN`.
Do not run `05_update_phone_test.sql` as Marvin for the core demo. That script represents employee self-service phone updates, while Marvin's manager-specific update permission is for `SALARY` on direct reports.
### Task 4.3 - Victoria HR Access
```sql
@@ -162,6 +172,8 @@ sql 'victoria/Welcome1_DDS!@ddslab_tunnel'
Expected result: Victoria sees HR-authorized sensitive data.
Do not run `05_update_phone_test.sql` as Victoria for the core demo. HR has read access in this lab, but the employee self-service phone update is intentionally tied to the employee role.
## Lab 5 - Clean Up
```sql
@@ -194,4 +206,3 @@ The trust chain is: **end-user identity -> DATA ROLE -> DATA GRANT -> row, colum
- DDS supports row, column, and update controls in one model.
- The database enforces the boundary even when SQL asks for too much.
- PII protection is close to the data and independent of application-only filtering.