5. Users (Console / API / Mobile)
2 user types · 9 roles · mobile device's secure enclave as share host
Two user types
user-roles.md, p.1: There are two user types, Console user and API user. Both use the same 9-role permission matrix; they differ in authentication, credentials, and automation surface.
| | Console User | API User |
|---|---|---|
| Authentication | email + (password or SSO via IdP) + TOTP 2FA required | CSR/X.509 (RSA 4096) + API key |
| Interface | Fireblocks Console (Web) | REST API / SDK / API Co-signer |
| Mobile device dependency | some roles (Owner/Admin/NSA/Signer/Approver/Security Admin) | — |
| IP restriction | workspace-level IP allowlisting (Owner-only) | per-API-user IP allowlist (/32 CIDR) |
Unified users table
```sql
CREATE TABLE users (
  id                 BINARY(16) PRIMARY KEY,
  workspace_id       BINARY(16) NOT NULL,
  type               ENUM('console', 'api') NOT NULL,
  role_id            VARCHAR(32) NOT NULL,   -- one of the 9 roles
  status             ENUM('pending', 'active', 'deleted') NOT NULL,
  first_name         VARCHAR(64),
  last_name          VARCHAR(64),
  email              VARCHAR(255),           -- UNIQUE within the workspace
  created_by_user_id BINARY(16) NOT NULL,
  created_at         DATETIME(6) NOT NULL,
  activated_at       DATETIME(6),            -- initial setup completed
  deleted_at         DATETIME(6),            -- soft delete (row retained for audit)
  UNIQUE KEY (workspace_id, email),
  KEY (workspace_id, type, status)
);
-- Console user SSO / password data lives outside the DB (IdP / Auth0); the DB holds only email + type.
-- No password hash is stored in this table. With SSO, the IdP manages the password.
```
API User Lifecycle (Stage 4)
| Event | Actor | Approval | Notes |
|---|---|---|---|
| Add | O / A / NSA | Owner + Admin Quorum (same flow as Console user) | Generate CSR (RSA 4096) → upload in Console + Co-signer setup |
| Re-enroll | "Admin-level users" | Owner approval + key share approval | Trigger: initial Co-signer setup error / pairing / Callback Handler change. Pairing token valid for 1 hour |
| Rename | "Admin-level users" | Owner + Admin Quorum | API key unchanged |
| Delete | Owner alone | Immediate, no mobile approval required | API key invalid immediately → in-flight tx fail, new signatures refused. Co-signer pairing remains (separate unpair operation) |
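Added example (not from the source documents or Fireblocks): the Add and Delete events above expressed against the users table, in MySQL dialect. All ids are constructed placeholders, the role ids 'owner' and 'signer' are assumed (the page does not name the 9 role ids), and the lookup query is what an API request path is assumed to run before accepting a signature.

```sql
-- Constructed placeholder ids (not real workspace or user ids)
SET @ws       = UNHEX('00000000000000000000000000000001');
SET @owner    = UNHEX('00000000000000000000000000000010');
SET @api_user = UNHEX('00000000000000000000000000000020');

-- The workspace Owner (console user) who will act on the API user
INSERT INTO users (id, workspace_id, type, role_id, status, first_name, last_name, email,
                   created_by_user_id, created_at, activated_at)
VALUES (@owner, @ws, 'console', 'owner', 'active', 'Alice', 'Example', 'alice@example.com',
        @owner, NOW(6), NOW(6));

-- Add (Stage 4): the API user row starts as 'pending'; it becomes 'active' only once the
-- CSR has been uploaded and the Co-signer setup has completed (activated_at records that).
INSERT INTO users (id, workspace_id, type, role_id, status, first_name, last_name, email,
                   created_by_user_id, created_at)
VALUES (@api_user, @ws, 'api', 'signer', 'pending', 'Settlement', 'Bot', 'settlement-bot@example.com',
        @owner, NOW(6));

UPDATE users
SET status = 'active', activated_at = NOW(6)
WHERE id = @api_user AND status = 'pending' AND deleted_at IS NULL;

-- Authorization lookup run on every API request: only an active, non-deleted API user
-- may sign. A soft-deleted row must behave exactly like a missing row.
SELECT id, role_id
FROM users
WHERE id = @api_user AND type = 'api' AND status = 'active' AND deleted_at IS NULL;

-- Delete (Owner alone, immediate): soft delete. The row is kept for audit, but the lookup
-- above returns nothing from this moment on, so in-flight transactions fail and new
-- signatures are refused. The Co-signer pairing is not touched here (separate unpair step).
UPDATE users
SET status = 'deleted', deleted_at = NOW(6)
WHERE id = @api_user AND type = 'api' AND deleted_at IS NULL;

-- Audit view over the workspace: who created each API user and when it was deleted.
SELECT HEX(u.id) AS user_id, u.email, u.status, c.email AS created_by, u.deleted_at
FROM users u
JOIN users c ON c.id = u.created_by_user_id
WHERE u.workspace_id = @ws AND u.type = 'api'
ORDER BY u.created_at;
```

One consequence of the schema worth checking in review: because deleted rows are retained and UNIQUE KEY (workspace_id, email) still covers them, an API user cannot be re-added with the same email after a soft delete unless the index is made partial or the email is rewritten on delete.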
Mobile Device — Primary MPC Share Host (★ Stage 5)
about-the-fireblocks-mobile-app.md, p.1: The MPC key share is kept in the device's secure enclave (hardware-encrypted). It cannot be backed up to iCloud / Google Cloud.
```sql
CREATE TABLE mobile_devices (
  id             BINARY(16) PRIMARY KEY,
  user_id        BINARY(16) NOT NULL,
  device_uuid    VARCHAR(128) NOT NULL,
  platform       ENUM('ios', 'android') NOT NULL,
  enclave_pubkey BLOB NOT NULL,         -- secure enclave attested pubkey
  app_version    VARCHAR(32) NOT NULL,
  registered_at  DATETIME(6) NOT NULL,
  re_enrolled_at DATETIME(6),
  uninstalled_at DATETIME(6),           -- irreversible (recovery required)
  KEY (user_id),
  UNIQUE KEY (device_uuid)
);
-- mobile device lifecycle events (append-only)
CREATE TABLE mobile_device_events (
  id                BINARY(16) PRIMARY KEY,
  device_id         BINARY(16) NOT NULL,
  event_type        ENUM('registered', 're-enrolled', 'migrated',
                         'uninstalled', 'biometric-changed') NOT NULL,
  owner_approval_at DATETIME(6),        -- 2-day window 1
  user_approval_at  DATETIME(6),        -- 2-day window 2
  occurred_at       DATETIME(6) NOT NULL
);
```
Three secret layers
- PIN: unlocks the mobile app
- Mobile app passphrase: additional app-level lock
- Recovery passphrase: encryption key for the cloud backup (→ 12. Recovery)
Device Migration (Stage 5)
device-migration.md, p.2: Self-service by the user; no administrator approval, but triple authentication with PIN + passphrase + biometric.
Linked Users / Linked Workspaces
Multiple users / workspaces can be linked to one mobile device. Each link requires its own separate enrollment.
```sql
CREATE TABLE device_user_links (
  device_id    BINARY(16) NOT NULL,
  user_id      BINARY(16) NOT NULL,
  workspace_id BINARY(16) NOT NULL,
  linked_at    DATETIME(6) NOT NULL,
  PRIMARY KEY (device_id, user_id),
  KEY (workspace_id)
);
```
Uninstall irreversibility
- Regular user: recovered by re-download + re-enroll
- Owner: Key Share Recovery required (cannot be recovered by simply reinstalling)
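Added example (not from the source documents or Fireblocks) tying the mobile_devices, mobile_device_events and device_user_links tables together for one device: registration, linking to two workspaces, a re-enrollment tracked through its two approval windows, and an uninstall followed by the per-user recovery path. MySQL dialect; all ids and the enclave key bytes are constructed placeholders; the role id 'owner' is assumed; and the interpretation that window 1 runs 2 days from the event and window 2 runs 2 days from the Owner's approval is an assumption (the schema only labels the two columns).

```sql
-- Constructed placeholder ids
SET @ws_a     = UNHEX('0000000000000000000000000000000A');
SET @ws_b     = UNHEX('0000000000000000000000000000000B');
SET @owner_a  = UNHEX('000000000000000000000000000000A1');  -- role 'owner' in workspace A
SET @signer_b = UNHEX('000000000000000000000000000000B1');  -- role 'signer' in workspace B
SET @dev      = UNHEX('000000000000000000000000000000D1');
SET @evt_reg  = UNHEX('000000000000000000000000000000E1');
SET @evt_re   = UNHEX('000000000000000000000000000000E2');
SET @evt_un   = UNHEX('000000000000000000000000000000E3');

-- Registration: one device row; the attested enclave public key is mandatory
-- (placeholder bytes here, a real row carries the attested key).
INSERT INTO mobile_devices (id, user_id, device_uuid, platform, enclave_pubkey, app_version, registered_at)
VALUES (@dev, @owner_a, 'constructed-device-uuid-0001', 'ios', UNHEX('04DEADBEEF'), '1.0.0', NOW(6));
INSERT INTO mobile_device_events (id, device_id, event_type, occurred_at)
VALUES (@evt_reg, @dev, 'registered', NOW(6));

-- Linked users / workspaces: the same device serves the Owner of workspace A and a
-- Signer in workspace B. Each link is its own enrollment, hence its own row.
INSERT INTO device_user_links (device_id, user_id, workspace_id, linked_at) VALUES
  (@dev, @owner_a, @ws_a, NOW(6)),
  (@dev, @signer_b, @ws_b, NOW(6));

-- Re-enrollment: the event is appended with both approval columns NULL; the Owner's
-- approval fills window 1, the user's own approval later fills window 2.
INSERT INTO mobile_device_events (id, device_id, event_type, occurred_at)
VALUES (@evt_re, @dev, 're-enrolled', NOW(6));
UPDATE mobile_device_events SET owner_approval_at = NOW(6) WHERE id = @evt_re;

-- Monitoring query: re-enrollments still waiting on an approval, with the deadline of
-- the window they are currently in (assumed: 2 days from the event, then 2 days from
-- the Owner approval). Rows past window_expires_at should be treated as expired.
SELECT HEX(e.id) AS event_id, HEX(e.device_id) AS device_id,
       CASE
         WHEN e.owner_approval_at IS NULL THEN 'awaiting owner approval'
         WHEN e.user_approval_at  IS NULL THEN 'awaiting user approval'
         ELSE 'complete'
       END AS stage,
       CASE
         WHEN e.owner_approval_at IS NULL THEN e.occurred_at + INTERVAL 2 DAY
         ELSE e.owner_approval_at + INTERVAL 2 DAY
       END AS window_expires_at
FROM mobile_device_events e
WHERE e.event_type = 're-enrolled'
  AND (e.owner_approval_at IS NULL OR e.user_approval_at IS NULL);

-- Uninstall: irreversible on the device row (never reset uninstalled_at), plus an
-- append-only event for the audit trail.
UPDATE mobile_devices SET uninstalled_at = NOW(6) WHERE id = @dev AND uninstalled_at IS NULL;
INSERT INTO mobile_device_events (id, device_id, event_type, occurred_at)
VALUES (@evt_un, @dev, 'uninstalled', NOW(6));

-- Recovery path per linked user: Owners must go through Key Share Recovery,
-- every other role re-downloads and re-enrolls.
SELECT HEX(l.user_id) AS user_id, HEX(l.workspace_id) AS workspace_id, u.role_id,
       CASE WHEN u.role_id = 'owner' THEN 'key share recovery required'
            ELSE 're-download + re-enroll' END AS recovery_path
FROM device_user_links l
JOIN users u          ON u.id = l.user_id
JOIN mobile_devices d ON d.id = l.device_id
WHERE d.id = @dev AND d.uninstalled_at IS NOT NULL;
```

The last query is the one to wire into operations tooling: a single device uninstall can strand an Owner key share in one workspace while the same device's Signer link in another workspace only needs a re-enrollment, and nothing in the device row alone tells the two cases apart.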