AuthzCtx - Alp internal knowledge-sharing session
machu
April 22, 2022
Technology
For the Alp internal knowledge-sharing session
Transcript
Authz 2022/04/22 Domain sharing session MACHU
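2 Agenda
• Recap: what makes authorization hard
• Recap: what authorization platform v1 covered
• What v1 could not do
• How to attach a Scope
• Detailed mechanics
• Interaction with the front end
• How to build a SAT
• Future applications
• Closing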
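3 Recap: what makes authorization hard
4 What makes authorization hard
• The scope of application is wide: Operator, System, Token, each Ctx, Adpt, UseCase, Domain etc…
• The concept of authorization is vague and hard to handle
• It easily becomes tightly coupled with logic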
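5 The scope of application is wide
Layers: Presenter, Controller, Repository (DB etc.), UseCase, Domain
Authorization touchpoints: Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic
There are this many places across the layers where we want to apply authorization. Implementing them with separate mechanisms takes too much work, and keeping those mechanisms consistent with each other also becomes difficult.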
6 The scope of application is wide
[Diagram: the Presenter / Controller / Repository (DB etc.) / UseCase / Domain layers repeated for Ctx-A, Ctx-B and Ctx-C]
Moreover, those layers span multiple contexts. Without an authorization platform that handles them uniformly, the work grows too much, and both getting and keeping the expected behaviour become difficult. The processing flow also tends to get complicated.
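7 The concept of authorization is vague and hard to handle
Layers: Presenter, Controller, Repository (DB etc.), UseCase, Domain
Authorization touchpoints: Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic
Because authorization acts in so many different ways across the layers, it is hard to decide what kind of concept to treat it as.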
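8 It easily becomes tightly coupled with logic
Written naively, checks for whether a permission exists end up embedded in many places, like `if (Operator.policy.find(_ == CanWriteContract)) ~`. That alone would still be tolerable, but in practice it keeps bloating into something like `if ((Operator.policy.exists(_ == AllAllow) || Operator.policy.exists(_ == CanWriteContract)) && !Operator.policy.exists(_ == AllDeny))`, and ends up scattered across many places. It even spreads to the front end and becomes tightly coupled there.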
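9 Recap: what authorization platform v1 covered
10 Authorization platform v1, which had been partially applied to the analytics feature, was able to address these problems to some extent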
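11 The scope of application is wide (Operator, System, Token, each Ctx, UseCase, Domain etc…)
- Flexible expression through structure
- Abstraction of the authorization subject via PrincipalId
12 The concept of authorization is vague and hard to handle
- Carving out AuthzCtx, and placing the authorization-related models in a lib
13 It easily becomes tightly coupled with logic
- Separation of concerns through effect abstraction in Eff
- Separation of Support, Manage and Decide from Enforce through AuthzCtx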
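14 What is the separation of Support, Manage, Decide and Enforce?
It is an insight from the 'XACML Reference Architecture', which divides authorization into these four units.
In Scalebase:
- Decide and Manage are confined to AuthzCtx, and the commands that operate on them are abstracted as effects through AuthzIO.
- For Enforce and Support, the basic decisions are delegated to AuthzCtx, which returns a Boolean so that, using that structure, the result can be combined with the decisions made in each Ctx.
Note: there is also a pattern in which Support goes through AuthzCtx, so going forward we will choose whichever is more convenient.
15 For this area, please see the deck below: https://speakerdeck.com/ma2k8/authz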
16 What v1 could not do
17 So, what was it that v1 could not do?
18 Coverage of authorization platform v1
[Diagram over the layers Presenter, Controller, Repository (DB etc.), UseCase, Domain, with the touchpoints Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic]
19 Coverage of authorization platform v2 (the one being built now)
[Diagram over the layers Presenter, Controller, Repository (DB etc.), UseCase, Domain, with the touchpoints Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic]
Note: this part becomes possible once Presenter is lifted into Eff.
20 The difference: Execute endpoint, read/write authorization, Execute UseCase
21 As it stands this can be expressed, but the local permission checks grow to a considerable volume and operating it is painful

    for {
      hasViewerPermission <- AuthzIO.requestBoolPolicy[R](
        ActionComposing.Literal(
          principalId = operatorId.toPrincipalId,
          action = DashboardAnalysisView,
          resourceIds = Nil
        )
      )
      hasExplorerPermission <- AuthzIO.requestBoolPolicy[R](
        ActionComposing.Literal(
          principalId = operatorId.toPrincipalId,
          action = DashboardAnalysisExplore,
          resourceIds = Nil
        )
      )
      lookerRole <- fromPpError[R, LookerRole] {
        if (hasViewerPermission) Right(SimpleViewer)
        else if (hasExplorerPermission) Right(SimpleExplorer)
        else Left(PpError.UnauthorizedError())
      }
      …
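22 The requirement this time
23 A ReadOnly permission
24 The scope of application is wide!
25 Exactly the kind of requirement that hits this spot
26 Adding this branch to every existing Scalebase process could become the gateway to a system that can only be run by a large team, and, simply put, it will definitely produce bugs. We want to avoid that.
27 Permission branches in domain logic "must be local", but for a larger, scope-like concept, it would be nice if it were applied automatically once an arbitrary scope is set.
28 So we built it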
29 How to attach a Scope
30 First, we explain it by attaching a scope to Contract
31 Four easy steps
32 ① Attach the Scopes required to Read/Write a Contract

    implicit val scopeAllocator: ScopeAllocator[ContractId] = ScopeAllocator.allocate(
      readScope = List(Action.ContractRead),
      writeScope = List(Action.ContractWrite)
    )

Set the scopeAllocator in the companion objects of ContractId and Contract in the domain.
33 ② In the ContractRepository signatures, wrap the return value in the designated type

    def findById[R: _authzio: _trantask](
      providerId: ProviderId,
      id: ContractId
    ): Eff[R, ReadAuthzScopeRepoFilter[Option[Contract]]]

    def store[R: _authzio: _trantask: _clockm: _ppErrorEither](
      entity: Contract
    ): Eff[R, WriteAuthzScope[Contract]]

Repository methods that use the ReadScope are wrapped in ReadAuthzScopeRepoFilter, and methods that use the WriteScope are wrapped in WriteAuthzScope.
We have also prepared a scalafix rule that makes it a compile error when a Repository does not follow this interface, and we would like to apply it when the timing is right.
34 ③ In ContractRepositoryImpl, wrap the value in the designated type and return it

    // Attaching the ReadScope is A => ReadAuthzScopeRepoFilter[A]
    yield ReadAuthzScopeRepoFilter(maybe)

    // Attaching the WriteScope is A => Eff[R, WriteAuthzScope[A]]
    contract <- fromPpError(stored.toRight(ResourceNotFoundError(resourceName = "contract", identifier = entity.id)))
    contractWithScope <- WriteAuthzScope(contract)

For Write, the scope is attached in ReadAuthzScopeRepoFilter.apply at the moment the value is wrapped in WriteAuthzScope, so the shape is A => Eff[R, WriteAuthzScope[A]] and it is applied inside the for expression.
For Read, the scope is attached when the value is taken out with ReadAuthzScopeRepoFilter.filteredValue, so the shape is A => ReadAuthzScopeRepoFilter[A] and it is applied in the yield or similar.
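35 ④ Finally, run it in the PrimaryAdapter!
When executed with runAuthz or runAll, the result is an `authorization error` if the principal does not hold the permissions for the designated Scopes.
In the BatchAdapter we want to skip authorization, so using runAuthzIOWithoutRequest or runAllWithoutAuthzIORequest skips it.
36 That is all it takes to get uniform scope control
37 Easy, isn't it!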
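38 Detailed mechanics of Scope
39 Scope is represented as State and pushed into the effect stack
When apply is called on the type class that indicates an authorization Scope has been attached, the ScopeAllocator is derived via implicitly and the Scope is pushed onto State.
40 Currently this is done only in Repository, but scopes can be pushed anywhere, and wherever they are pushed they are managed in the same State
[Diagram over the layers Presenter, Controller, Repository (DB etc.), UseCase, Domain: Set Scope A, Set Scope B, Set Scope C,D, Set Scope E, Set Scope F, resulting in State[List[A,B,C,D,E,F], X]]
Of course, even when several Repositories are used, you end up with a State in which the Scopes required by each of them have been set.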
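41 Principal is also managed in State
The Principal is set inside OperatorExtractor in the HttpAdapter, the step that extracts the OperatorId from the JWT token.
Currently this is only done for Operator, but for Token and others a TokenId(?) or similar will be set in the same way.

    _ <- AuthzIO.setPrincipal[R](operator.id.toPrincipalId)

42 At runAuthzIO, the authorization-check command is inserted
The run step happens only once per expression, so it is a very suitable moment to insert the authorization-check instruction. This makes it possible to perform the cross-cutting scope check efficiently in a single pass.
43 After that, all that remains is to process the authorization-check command
The authorization Request command takes the PrincipalId and the Scope out of State, fetches the AttachedPolicy from AuthzCtx based on the PrincipalId, matches it against the Scope, and decides Allow/Deny.
There is also handling for Rejection and so on, so it is fairly complex, but it stays loosely coupled. (This is the kind of thing that typically ends up scattered everywhere…)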
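The mechanism on slides 39 to 43, reduced to plain Scala as an added example (not Scalebase code and not part of the original deck): `Authz`, `read`, `write` and `run` are hypothetical stand-ins for the State effect, `ReadAuthzScopeRepoFilter` / `WriteAuthzScope` and `runAuthz`. The deny-wins precedence is an assumption modelled on the condition shown on slide 8.

```scala
// Added sketch: Authz[A] is a hypothetical stand-in for the State effect in
// the Eff stack; it is not Scalebase's AuthzIO.
sealed trait Action
object Action {
  case object ContractRead extends Action; case object ContractWrite extends Action
  case object AllAllow extends Action;     case object AllDeny extends Action
}

final case class ScopeAllocator[A](readScope: List[Action], writeScope: List[Action])

// A value together with every scope pushed while producing it.
final case class Authz[A](scopes: List[Action], value: A) {
  def map[B](f: A => B): Authz[B] = Authz(scopes, f(value))
  def flatMap[B](f: A => Authz[B]): Authz[B] = {
    val next = f(value)
    Authz(scopes ++ next.scopes, next.value)
  }
}

object Authz {
  // Wrapping a repository result pushes the scope derived from the implicit allocator.
  def read[A](a: A)(implicit s: ScopeAllocator[A]): Authz[A]  = Authz(s.readScope, a)
  def write[A](a: A)(implicit s: ScopeAllocator[A]): Authz[A] = Authz(s.writeScope, a)

  // The single check at run time: an explicit deny wins, then AllAllow, otherwise
  // every accumulated scope must appear in the principal's attached policies.
  def run[A](program: Authz[A], attached: Set[Action]): Either[String, A] = {
    val missing = program.scopes.filterNot(attached.contains)
    if (attached.contains(Action.AllDeny)) Left("denied: AllDeny attached")
    else if (attached.contains(Action.AllAllow) || missing.isEmpty) Right(program.value)
    else Left(s"denied: missing ${missing.mkString(", ")}")
  }
}

final case class Contract(id: String, plan: String)
object Contract {
  implicit val scopeAllocator: ScopeAllocator[Contract] =
    ScopeAllocator(List(Action.ContractRead), List(Action.ContractWrite))
}

object Demo extends App {
  // The use case never mentions permissions; the wrappers accumulate them.
  val changePlan: Authz[Contract] = for {
    found  <- Authz.read(Contract("c-1", "basic")) // constructed sample data
    stored <- Authz.write(found.copy(plan = "pro"))
  } yield stored

  println(Authz.run(changePlan, Set[Action](Action.ContractRead))) // read-only operator
  println(Authz.run(changePlan, Set[Action](Action.ContractRead, Action.ContractWrite)))
}
```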
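44 It is no longer necessary to think about authorization every time a process is added or changed; it only needs attention when a domain model is added. Even when a domain model is added, an oversight is now detected as a compile error (scalafix is the best).
45 Uncle Bob said something along the lines of "security is a concern specific to the application, and business objects are not aware of it", but personally I think "there are cases like that, and there are cases that are not".
46 Both are expressed in a balanced way: the cases where a branch in domain logic is involved in the processing itself, and the Scope form that business objects do not need to be aware of.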
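47 Interaction with the front end
48 First, the difference in motivation for authorization between FE and BE
49 BE motivation for authorization
- Authorization is an absolute constraint
- If it is not upheld, that is immediately a security risk
- The last stronghold
50 FE motivation for authorization
- Wants to use the authorization information configured on the BE side to lower the user's cognitive load and improve the experience
- Does not need to know the fine-grained authorization attributes; knowing at roughly the granularity of "does the user have permission to call this endpoint or not" is enough to deactivate components
- In the worst case, even if a component is not deactivated, it is OK as long as the BE returns an authorization error
51 If the fine-grained authorization attributes managed on the BE side are also used for decisions on the FE, FE and BE become tightly coupled and the attributes can no longer be changed casually. We want to put one layer in between.
52 Transform the authorization information into a form the front end can interpret easily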
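53 SAT (Scalebase Authorization target)
54 In short, it is the Scalebase version of IAM
- It expresses a routeName that corresponds 1-to-1 with an endpoint, and the principal's information
55 How to build a SAT
56 Define an RPC when adding an endpoint
Until now only request and response were defined, but from now on the rpc is defined as well. This rpc is how the list of BE Routes is shared with the FE. The BE side also uses it when assembling the SAT.
57 Convert with SATConverter
The FE fetches the SAT tied to the operator through the OperatorPolicyAPI and, for example, deactivates the entry points to features the operator has no permission for.
Note that when an endpoint is added, both the RPC protobuf and SATConverter have to be touched. (We would like this to be handled automatically… but in the worst case, if it is missed, the BE still returns an authorization error, so it does not become a security risk.)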
58 Front-end support
It has been made quick and easy to attach.
59 Just wrap the component you want to control in Permission
https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=252d0ed6f3634037b78b704e8ead87ba
https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=2c7e0b82c44646feb8f15ba6cc411a0e
See the links above for detailed usage.
60 It can also be checked in Storybook. Just define the Allowed/Denied Provider.
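61 Future applications
62 Making the ResourceId filter more efficient
When the number of records grows, filtering on the application side is quite inefficient, so we want to lift Dao into Eff as well and embed the resourceId in the SQL where clause.
63 Lifting Presenter into Eff
Once Presenter is lifted into Eff, Authz can be used seamlessly in Presenter processing too, so requirements such as "mask specific information" become easy to handle. We want to do this when such a requirement comes up.
64 Permission management screen
The permission management screen is fairly hard. We prepared the SAT because the front end does not need to be told the details of authorization, but the Operator does need to be told in detail.
We want to build it using the AWS IAM editor as a reference. (Currently, an Operator is given a permission that can do anything at creation time, and permissions can be added by batch.)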
65 Closing
66 There is still room for improvement, but it turned out quite well
67
68 Thank you for listening