Segregation of Duties for Cursor

Segregation of duties is compromised when a single set of credentials is used to run Cursor queries across production and development environments, creating a hidden cost: if one engineer can both write and approve data‑modifying statements, a mistake or malicious action can corrupt critical tables without any trace. The lack of role separation also makes it impossible to prove who performed a change, exposing teams to regulatory penalties and eroding trust. When a breach occurs, the effort to untangle who did what can double the incident response time and increase the financial impact of downtime.

Current practice and its gaps

Most teams treat Cursor like any other database client. A service account or shared password lives in a configuration file, and anyone with access to the repository can connect, run arbitrary SELECT, UPDATE, or DELETE statements, and push code that executes those statements in production pipelines. Because the credential is static, revoking a single user’s access does not prevent that user from reusing the secret that is already embedded in long‑running jobs or CI runners. There is no built‑in audit log that records each query, no workflow that forces a senior engineer to approve a schema change, and no mechanism to hide sensitive columns from junior developers.

This pattern satisfies the need to get data quickly, but it violates the core principle of segregation of duties: separating the roles of data creator, reviewer, and executor. The request still travels directly to the underlying database, bypassing any checkpoint that could enforce who is allowed to run which statement. Without an enforcement point, the organization cannot enforce least‑privilege, cannot capture evidence for auditors, and cannot prevent accidental data loss.

What segregation of duties requires

To achieve true segregation, an environment must enforce three things: (1) identity‑driven decisions that determine which user may initiate a Cursor session, (2) a gateway that sits on the request path and can apply policy checks before the query reaches the database, and (3) immutable records that show who asked for what, who approved it, and what the database returned. The first piece – provisioning service accounts, configuring OIDC tokens, and assigning group memberships – is a setup activity. It decides who may start a request, but on its own it does not stop a privileged user from running a destructive command.

The missing piece is a data‑path enforcement layer. Without it, the request still reaches the database directly, there is no real‑time approval workflow, no inline masking of sensitive fields, and no session recording. In other words, the segregation goal remains aspirational.

Putting hoop.dev in the data path

hoop.dev acts as a layer‑7 gateway that sits between the Cursor client and the database. When a user authenticates via OIDC, hoop.dev validates the token, extracts group membership, and then proxies the Cursor protocol. Because the gateway is the only place the traffic passes, hoop.dev can enforce segregation of duties policies in real time.

Continue reading? Get the full guide.

DPoP (Demonstration of Proof-of-Possession) + Cursor / AI IDE Security: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Setup

The organization creates distinct OIDC groups – for example, cursor‑readers and cursor‑writers. Service accounts are provisioned with the minimum permissions needed to connect to the database, but they never hold the database password themselves. hoop.dev reads the group claims and decides whether the incoming request is allowed to proceed.

The data path

All Cursor traffic is forced through hoop.dev. The gateway inspects each SQL statement, matches it against policy rules, and either forwards it, blocks it, or routes it for human approval. Because the enforcement happens where the request is proxied, a malicious or careless user cannot bypass the checks by connecting directly to the database.

Enforcement outcomes

hoop.dev records every Cursor session, including the full query, the approving reviewer (if any), and the result set. It can mask columns that contain personally identifiable information before they reach a junior analyst, and it can replay a session for forensic analysis. These outcomes exist only because hoop.dev sits in the data path; removing it would eliminate the audit trail, the masking, and the approval workflow.

Getting started

To try this pattern, follow the hoop.dev getting started guide and review the feature documentation for policy configuration. The open‑source repository contains example policies for Cursor that demonstrate read‑only, write‑only, and approval‑required roles.

FAQ

Does hoop.dev replace the database’s own authentication?

No. hoop.dev validates the user’s OIDC token and then uses its own service credential to connect to the database. The database still enforces its own access controls, providing defense in depth.

Can I still use existing CI pipelines that run Cursor queries?

Yes. CI jobs can obtain an OIDC token from the pipeline’s identity provider, and hoop.dev will proxy the queries while applying the same segregation policies as interactive users.

What happens if a query is blocked?

hoop.dev returns an error to the client indicating the policy violation and logs the attempt. The blocked query is never sent to the database, preserving data integrity.

Explore the source code and contribute on GitHub.