A-02 · DCL role present for
| Field | Value |
|---|---|
| ID | A-02 |
| Category | authorization |
| Severity | error |
| Blocks mode | EVIDENCE_GROUNDED |
| Applies to | plans that contain at least one node annotated access_check: #CHECK |
| Source | internal/sap/validate/validate.go |
What it checks
Section titled “What it checks”For every node whose access_check annotation is #CHECK, the plan graph contains a node of kind AccessControl (a DCL artifact). Without a DCL role the check has no rules to evaluate.
When it fires
Section titled “When it fires”The plan has one or more #CHECK views and zero AccessControl nodes.
Failure detail
Section titled “Failure detail”DCL artifact missing; #CHECK views cannot be activated without one.
Resolution
Section titled “Resolution”Add a DCL artifact to the plan that defines the access-control rules for the #CHECK views, or change the access mode on those views. See How to resolve a gate.