AUTHZ-001 PASS
Allowed Table Access
SELECT * FROM users WHERE id = $1 -- as app_user
app_user is allowed to query the users table. The query is forwarded to the database.
10 tests verify table/function permissions and access control enforcement.
Per-user table and function permissions are defined in policy.yaml:
# policy.yaml
users:
  app_user:
    allowed_tables: ["users", "orders", "products"]
    denied_tables: ["admin_users", "audit_log"]
    allowed_functions: ["get_user_orders"]
  admin:
    allowed_tables: ["*"]
    allowed_functions: ["*"]
SELECT * FROM admin_users WHERE id = $1 -- as app_user
ERROR: Access denied
DETAIL: User 'app_user' is not allowed to access table 'admin_users'.
The admin_users table is in the denied list for app_user. Access is blocked at the ALG level.
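
The allow/deny decision described above, as an added example in Python that is not the project's own code. It assumes a deny entry overrides an allow entry, that unknown users and unlisted objects are denied, and that unquoted identifiers are case-folded; the function names are hypothetical.

```python
# Added example (not the project's code). POLICY transcribes the page's
# policy.yaml as a dict so the block runs without a YAML library.
POLICY = {
    "users": {
        "app_user": {
            "allowed_tables": ["users", "orders", "products"],
            "denied_tables": ["admin_users", "audit_log"],
            "allowed_functions": ["get_user_orders"],
        },
        "admin": {"allowed_tables": ["*"], "allowed_functions": ["*"]},
    }
}


def normalize_ident(name):
    """Assumed rule: unquoted identifiers fold to lower case (as PostgreSQL
    does); double-quoted identifiers keep their exact spelling."""
    name = name.strip()
    if len(name) >= 2 and name[0] == name[-1] == '"':
        return name[1:-1].replace('""', '"')
    return name.lower()


def _listed(name, entries):
    return "*" in entries or name in entries


def is_allowed(user, kind, name, policy=POLICY):
    """kind is "tables" or "functions". Assumptions: a deny entry overrides
    an allow entry, and unknown users or unlisted objects are denied."""
    rules = policy["users"].get(user)
    if rules is None:
        return False
    ident = normalize_ident(name)
    if _listed(ident, rules.get("denied_" + kind, [])):
        return False
    return _listed(ident, rules.get("allowed_" + kind, []))


def check_table(user, table, policy=POLICY):
    """Return None when the query may be forwarded, else the error text in
    the format shown on the page."""
    if is_allowed(user, "tables", table, policy):
        return None
    return ("ERROR: Access denied\n"
            f"DETAIL: User '{user}' is not allowed to access table "
            f"'{normalize_ident(table)}'.")
```

Because unlisted names are denied, a spelling the normalizer does not resolve (such as a schema-qualified name) fails closed for app_user instead of slipping past the deny list.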