Translate lab documentation to English
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled

This commit is contained in:
Rodrigo Pace
2026-05-08 14:50:52 -03:00
parent cde150b705
commit 52bf971b8b
33 changed files with 939 additions and 702 deletions

View File

@@ -1,36 +1,37 @@
# Catalogo De Cenarios
# Scenario Catalog
## 01 - AI Prompt Injection
Mostra um agente AI tentando gerar SQL amplo demais. Deep Data Security limita o retorno ao contexto do usuario final.
Shows an AI agent attempting to generate overly broad SQL. Oracle Deep Data Security limits the result based on the end-user context.
## 02 - Shared App Account
Mostra o problema de uma conta tecnica de aplicacao usada por varios usuarios. O controle relevante passa a ser o end user/contexto, nao apenas a conta do pool.
Shows the risk of a technical application account shared by multiple users. The relevant control becomes the end-user context, not only the connection pool account.
## 03 - PII Row/Column/Cell
Mostra controle de acesso por linha, coluna e celula. Funcionario ve seu registro; gerente ve time com SSN oculto; RH ve atributos sensiveis.
Shows row, column, and cell-level access control. An employee sees their own record, a manager sees the team with SSN hidden, and HR sees sensitive attributes.
## 04 - View Bypass / MAC
Mostra como uma view pode virar caminho alternativo de acesso e como `USE DATA GRANTS ONLY` forca a politica da tabela base.
Shows how a view can become an alternate access path and how `USE DATA GRANTS ONLY` enforces the base table policy.
## 05 - Legacy App AI Extension
Mostra uma aplicacao legada ampliada com agente AI sem reescrever toda a autorizacao. O agente acessa o mesmo dataset, mas Deep Data Security limita linhas e colunas pelo contexto do usuario final.
Shows a legacy application extended with an AI agent without rewriting all authorization logic. The agent accesses the same dataset, but Oracle Deep Data Security limits rows and columns by end-user context.
## 06 - RAG Vector Classified Docs
Mostra RAG/vector search com documentos classificados. A busca pode tentar recuperar todos os chunks, mas o banco entrega apenas o que a classificacao e a persona autorizam.
Shows RAG/vector search with classified documents. Retrieval may attempt to fetch all chunks, but the database returns only what the classification and persona allow.
## 07 - Audit Evidence With Data Safe
Mostra como gerar evidencias com Unified Audit e como posicionar OCI Data Safe para activity auditing, relatorios e validacao de acesso a dados sensiveis.
Shows how to generate evidence with Unified Audit and how to position OCI Data Safe for activity auditing, reporting, and sensitive data access validation.
## Proximos Cenarios Sugeridos
## Suggested Next Scenarios
- BI by region, branch, and cost center.
- Controlled write operations with `UPDATE`, `INSERT`, and `DELETE`.
- Database Vault complement to block DBA access.
- AVDF/SIEM integration for on-premises, Exadata, or heterogeneous environments.
- BI por regiao, filial e centro de custo.
- Escrita controlada com `UPDATE`, `INSERT` e `DELETE`.
- Complemento com Database Vault para bloquear DBA.
- AVDF/SIEM para ambientes on-premises, Exadata ou heterogeneos.