Normalize lab docs and keep reusable TNS alias
Some checks failed
Repo Quality / structure (push) Has been cancelled

This commit is contained in:
2026-05-18 11:30:35 -03:00
parent b8d6de0fb5
commit 2188ea8e58
17 changed files with 67 additions and 28 deletions

View File

@@ -23,7 +23,7 @@ After Oracle Deep Data Security is enabled, the database enforces data grants on
Run shell commands from the repository root: Run shell commands from the repository root:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
``` ```
Connect with SQLcl: Connect with SQLcl:
@@ -171,3 +171,6 @@ Oracle Deep Data Security reduces the risk of AI prompt injection and overprivil
See [RUNBOOK.md](RUNBOOK.md) for deeper technical notes, expected evidence, and official Oracle documentation references. See [RUNBOOK.md](RUNBOOK.md) for deeper technical notes, expected evidence, and official Oracle documentation references.
For a LiveLabs-style guided workshop, use [WORKSHOP.md](WORKSHOP.md). For a LiveLabs-style guided workshop, use [WORKSHOP.md](WORKSHOP.md).
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.

View File

@@ -89,3 +89,6 @@ Show that an AI agent or dynamic SQL path may allow a business user to query sen
- Fine-Grained Data Authorization: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/fine-grained-data-authorization.html - Fine-Grained Data Authorization: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/fine-grained-data-authorization.html
- Create Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/create-data-grants.html - Create Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/create-data-grants.html
- CREATE DATA GRANT SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/create-data-grant.html - CREATE DATA GRANT SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/create-data-grant.html
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.

View File

@@ -43,13 +43,16 @@ Only authorized rows and columns are returned
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command. SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -19,8 +19,8 @@ Before Oracle Deep Data Security, a technical account or connection pool can que
Run SQL scripts from the repository root. On Linux/macOS/WSL: Run SQL scripts from the repository root. On Linux/macOS/WSL:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
``` ```
Connect as the lab administrator: Connect as the lab administrator:
@@ -31,10 +31,13 @@ sql admin@ddslab_tunnel
SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer. SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
On Windows PowerShell: On Windows PowerShell:
```powershell ```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab cd <repo-root>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```

View File

@@ -21,8 +21,8 @@ Show that a shared technical application account should not be the real data aut
1. From the repository root, connect as `ADMIN`: 1. From the repository root, connect as `ADMIN`:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
@@ -30,6 +30,9 @@ Show that a shared technical application account should not be the real data aut
SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error. SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
2. Reset the scenario: 2. Reset the scenario:
```sql ```sql

View File

@@ -39,13 +39,16 @@ End user -> application connection pool -> DDS_APP database session
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command. SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -19,7 +19,7 @@ Before Oracle Deep Data Security, a broad query can expose employee records, SSN
Run commands from the repository root: Run commands from the repository root:
```powershell ```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab cd <repo-root>
``` ```
Connect to the database with SQLcl or SQL*Plus: Connect to the database with SQLcl or SQL*Plus:

View File

@@ -25,13 +25,16 @@ This workshop demonstrates fine-grained access to employee PII. Before DDS, broa
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`. SQLcl note: after running `@file.sql`, do not type `/`.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -18,7 +18,7 @@ Before Oracle Deep Data Security, a legacy view can expose rows that should be p
Run commands from the repository root: Run commands from the repository root:
```powershell ```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab cd <repo-root>
``` ```
Connect to the database with SQLcl or SQL*Plus: Connect to the database with SQLcl or SQL*Plus:

View File

@@ -25,13 +25,16 @@ This workshop demonstrates why access rules should be enforced on the protected
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`. SQLcl note: after running `@file.sql`, do not type `/`.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -22,7 +22,7 @@ Before Oracle Deep Data Security, an AI agent connected to the same legacy schem
Run commands from the repository root: Run commands from the repository root:
```powershell ```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab cd <repo-root>
``` ```
Connect to the database with SQLcl or SQL*Plus: Connect to the database with SQLcl or SQL*Plus:

View File

@@ -29,13 +29,16 @@ Before DDS, the AI agent can reuse broad legacy privileges and combine customer,
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`. SQLcl note: after running `@file.sql`, do not type `/`.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -20,8 +20,8 @@ Before Oracle Deep Data Security, vector search can retrieve confidential HR, le
Run SQL scripts from the repository root. On Linux/macOS/WSL: Run SQL scripts from the repository root. On Linux/macOS/WSL:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
``` ```
Connect as the lab administrator: Connect as the lab administrator:
@@ -34,6 +34,9 @@ This scenario uses the `VECTOR` type, `TO_VECTOR`, and `VECTOR_DISTANCE`. Use a
SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer. SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Step By Step - Before, Vulnerable Environment ## Step By Step - Before, Vulnerable Environment
1. Reset the scenario as `ADMIN`: 1. Reset the scenario as `ADMIN`:

View File

@@ -21,8 +21,8 @@ Show that a RAG agent retrieves only authorized chunks/documents before sending
1. From the repository root, connect as `ADMIN`: 1. From the repository root, connect as `ADMIN`:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
@@ -30,6 +30,9 @@ Show that a RAG agent retrieves only authorized chunks/documents before sending
SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error. SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
2. Reset the scenario: 2. Reset the scenario:
```sql ```sql

View File

@@ -81,8 +81,8 @@ Only authorized chunks are sent to the LLM
Run all commands from the repository root: Run all commands from the repository root:
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
``` ```
Connect as the lab administrator: Connect as the lab administrator:
@@ -93,6 +93,9 @@ sql admin@ddslab_tunnel
SQLcl note: when you run a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward; `/` reruns the last command in the SQLcl buffer. SQLcl note: when you run a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward; `/` reruns the last command in the SQLcl buffer.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario

View File

@@ -19,7 +19,7 @@ Before the controls are applied, a payments table can be queried without a clear
Run SQL commands from the repository root: Run SQL commands from the repository root:
```powershell ```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab cd <repo-root>
``` ```
Connect to the database with SQLcl or SQL*Plus: Connect to the database with SQLcl or SQL*Plus:

View File

@@ -30,13 +30,16 @@ Before controls, a payment operator can query payment tokens through broad acces
## Before You Begin ## Before You Begin
```bash ```bash
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab cd <repo-root>
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab export TNS_ADMIN=<wallet-directory>
sql admin@ddslab_tunnel sql admin@ddslab_tunnel
``` ```
SQLcl note: after running `@file.sql`, do not type `/`. SQLcl note: after running `@file.sql`, do not type `/`.
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
## Lab 1 - Prepare The Environment ## Lab 1 - Prepare The Environment
### Task 1.1 - Reset The Scenario ### Task 1.1 - Reset The Scenario