Improve shared app account scenario
Some checks failed
Repo Quality / structure (push) Has been cancelled

This commit is contained in:
2026-05-14 11:49:45 -03:00
parent 5fa6b34d1e
commit 77ecd70622
7 changed files with 220 additions and 53 deletions

View File

@@ -1,6 +1,16 @@
# Expected Results
- `alice` sees her orders and no `margin`.
- `bruno` sees LATAM orders with all columns.
- The shared technical account alone is not the authorization boundary for data access.
## Before Oracle Deep Data Security
- `DDS_APP` simulates a shared application account or connection pool.
- `DDS_APP` can query all orders from all regions.
- `DDS_APP` can see the sensitive `margin` column.
- The database cannot safely distinguish Alice's access from Bruno's access if the application account is the only security boundary.
## After Oracle Deep Data Security
- `alice` sees only her own orders.
- `alice` can query operational columns such as `order_id`, `customer_name`, `region`, `seller`, and `amount`.
- `alice` cannot access `margin`.
- `bruno` sees LATAM orders with manager visibility, including `margin`.
- The database enforces access based on the business persona, not only on the shared technical account.