Improve Deep Data Security lab scenarios
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled

This commit is contained in:
2026-05-13 16:11:12 -03:00
parent 8314351c98
commit db3d68af10
134 changed files with 401 additions and 273 deletions

View File

@@ -1,7 +1,8 @@
# Expected Results
- `alice` sees only customers where `account_owner = alice`.
- `bruno` sees LATAM customers and `tax_id` as `NULL`.
- `carla` sees global rows and sensitive columns.
- The same broad SQL returns different results by end-user context.
- Before DDS enforcement, `alice` can run the broad high-risk customer query through the intentionally overprivileged legacy role.
- Before DDS enforcement, sensitive columns such as `tax_id` and `annual_revenue` may be exposed to Alice.
- After DDS enforcement, `alice` sees only LATAM customer fields authorized for the sales role.
- After DDS enforcement, `bruno` sees LATAM customers and `tax_id` as `NULL`.
- After DDS enforcement, `carla` sees global rows and sensitive columns.
- The same broad SQL returns different results after database-enforced data grants are applied.