Normalize lab docs and keep reusable TNS alias
Some checks failed
Repo Quality / structure (push) Has been cancelled
Some checks failed
Repo Quality / structure (push) Has been cancelled
This commit is contained in:
@@ -23,7 +23,7 @@ After Oracle Deep Data Security is enabled, the database enforces data grants on
|
||||
Run shell commands from the repository root:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
```
|
||||
|
||||
Connect with SQLcl:
|
||||
@@ -171,3 +171,6 @@ Oracle Deep Data Security reduces the risk of AI prompt injection and overprivil
|
||||
See [RUNBOOK.md](RUNBOOK.md) for deeper technical notes, expected evidence, and official Oracle documentation references.
|
||||
|
||||
For a LiveLabs-style guided workshop, use [WORKSHOP.md](WORKSHOP.md).
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
@@ -89,3 +89,6 @@ Show that an AI agent or dynamic SQL path may allow a business user to query sen
|
||||
- Fine-Grained Data Authorization: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/fine-grained-data-authorization.html
|
||||
- Create Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/create-data-grants.html
|
||||
- CREATE DATA GRANT SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/create-data-grant.html
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
@@ -43,13 +43,16 @@ Only authorized rows and columns are returned
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -19,8 +19,8 @@ Before Oracle Deep Data Security, a technical account or connection pool can que
|
||||
Run SQL scripts from the repository root. On Linux/macOS/WSL:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
```
|
||||
|
||||
Connect as the lab administrator:
|
||||
@@ -31,10 +31,13 @@ sql admin@ddslab_tunnel
|
||||
|
||||
SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
On Windows PowerShell:
|
||||
|
||||
```powershell
|
||||
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
|
||||
@@ -21,8 +21,8 @@ Show that a shared technical application account should not be the real data aut
|
||||
1. From the repository root, connect as `ADMIN`:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
@@ -30,6 +30,9 @@ Show that a shared technical application account should not be the real data aut
|
||||
|
||||
SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
2. Reset the scenario:
|
||||
|
||||
```sql
|
||||
|
||||
@@ -39,13 +39,16 @@ End user -> application connection pool -> DDS_APP database session
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`; it reruns the previous command.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -19,7 +19,7 @@ Before Oracle Deep Data Security, a broad query can expose employee records, SSN
|
||||
Run commands from the repository root:
|
||||
|
||||
```powershell
|
||||
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
```
|
||||
|
||||
Connect to the database with SQLcl or SQL*Plus:
|
||||
|
||||
@@ -25,13 +25,16 @@ This workshop demonstrates fine-grained access to employee PII. Before DDS, broa
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -18,7 +18,7 @@ Before Oracle Deep Data Security, a legacy view can expose rows that should be p
|
||||
Run commands from the repository root:
|
||||
|
||||
```powershell
|
||||
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
```
|
||||
|
||||
Connect to the database with SQLcl or SQL*Plus:
|
||||
|
||||
@@ -25,13 +25,16 @@ This workshop demonstrates why access rules should be enforced on the protected
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -22,7 +22,7 @@ Before Oracle Deep Data Security, an AI agent connected to the same legacy schem
|
||||
Run commands from the repository root:
|
||||
|
||||
```powershell
|
||||
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
```
|
||||
|
||||
Connect to the database with SQLcl or SQL*Plus:
|
||||
|
||||
@@ -29,13 +29,16 @@ Before DDS, the AI agent can reuse broad legacy privileges and combine customer,
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -20,8 +20,8 @@ Before Oracle Deep Data Security, vector search can retrieve confidential HR, le
|
||||
Run SQL scripts from the repository root. On Linux/macOS/WSL:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
```
|
||||
|
||||
Connect as the lab administrator:
|
||||
@@ -34,6 +34,9 @@ This scenario uses the `VECTOR` type, `TO_VECTOR`, and `VECTOR_DISTANCE`. Use a
|
||||
|
||||
SQLcl note: when running a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward, because `/` reruns the last command in the SQLcl buffer.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Step By Step - Before, Vulnerable Environment
|
||||
|
||||
1. Reset the scenario as `ADMIN`:
|
||||
|
||||
@@ -21,8 +21,8 @@ Show that a RAG agent retrieves only authorized chunks/documents before sending
|
||||
1. From the repository root, connect as `ADMIN`:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
@@ -30,6 +30,9 @@ Show that a RAG agent retrieves only authorized chunks/documents before sending
|
||||
|
||||
SQLcl note: after running a script with `@file.sql`, do not type `/`. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
2. Reset the scenario:
|
||||
|
||||
```sql
|
||||
|
||||
@@ -81,8 +81,8 @@ Only authorized chunks are sent to the LLM
|
||||
Run all commands from the repository root:
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
```
|
||||
|
||||
Connect as the lab administrator:
|
||||
@@ -93,6 +93,9 @@ sql admin@ddslab_tunnel
|
||||
|
||||
SQLcl note: when you run a script with `@file.sql`, press Enter once and wait for the output. Do not type `/` afterward; `/` reruns the last command in the SQLcl buffer.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
@@ -19,7 +19,7 @@ Before the controls are applied, a payments table can be queried without a clear
|
||||
Run SQL commands from the repository root:
|
||||
|
||||
```powershell
|
||||
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
|
||||
cd <repo-root>
|
||||
```
|
||||
|
||||
Connect to the database with SQLcl or SQL*Plus:
|
||||
|
||||
@@ -30,13 +30,16 @@ Before controls, a payment operator can query payment tokens through broad acces
|
||||
## Before You Begin
|
||||
|
||||
```bash
|
||||
cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab
|
||||
export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab
|
||||
cd <repo-root>
|
||||
export TNS_ADMIN=<wallet-directory>
|
||||
sql admin@ddslab_tunnel
|
||||
```
|
||||
|
||||
SQLcl note: after running `@file.sql`, do not type `/`.
|
||||
|
||||
|
||||
Connection alias note: ddslab_tunnel is the TNS alias configured in the wallet `tnsnames.ora` for this lab. If your wallet uses another alias, replace ddslab_tunnel with your own service alias.
|
||||
|
||||
## Lab 1 - Prepare The Environment
|
||||
|
||||
### Task 1.1 - Reset The Scenario
|
||||
|
||||
Reference in New Issue
Block a user