Translate lab documentation to English
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled

This commit is contained in:
Rodrigo Pace
2026-05-08 14:50:52 -03:00
parent cde150b705
commit 52bf971b8b
33 changed files with 939 additions and 702 deletions

View File

@@ -1,50 +1,50 @@
# 07 - Audit Evidence With Data Safe
## Objetivo
## Objective
Demonstrar como transformar acessos a dados sensiveis em evidencias para auditoria usando Unified Audit e OCI Data Safe.
Show how to turn access to sensitive data into audit evidence using Unified Audit and OCI Data Safe.
## O Que Este Lab Mostra
## What This Lab Shows
Antes dos controles, uma tabela de pagamentos pode ser consultada sem uma trilha de evidencia facil de apresentar ao cliente. Depois, Deep Data Security restringe os dados por persona e Unified Audit/Data Safe ajudam a mostrar quem acessou o que.
Before the controls are applied, a payments table can be queried without a clear evidence trail for the customer. Afterward, Oracle Deep Data Security restricts data by persona and Unified Audit/Data Safe help show who accessed what.
## Personas
- `payment_operator`: operador de pagamentos.
- `payment_operator`: payment operations user.
- `auditor`: auditor.
- `dds_audit_analyst`: conta tecnica para analise.
- `dds_audit_analyst`: technical analysis account.
## Onde Executar Os Comandos
## Where To Run The Commands
Execute os comandos SQL a partir da raiz do repositorio:
Run SQL commands from the repository root:
```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
```
Conecte no banco com SQLcl ou SQL*Plus:
Connect to the database with SQLcl or SQL*Plus:
```bash
sql "<connect_string>"
```
A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data Safe.
The Data Safe portion must be performed in the OCI Console under Oracle Data Safe.
## Passo A Passo - Antes, Ambiente Vulneravel
## Step By Step - Before, Vulnerable Environment
1. Acesse o banco:
1. Connect to the database:
```bash
sql "<connect_string>"
```
2. Limpe o cenario:
2. Reset the scenario:
```sql
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
```
3. Crie tabela sensivel, dados e personas:
3. Create the sensitive table, data, and personas:
```sql
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
@@ -52,7 +52,7 @@ A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data S
@scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
```
4. Execute uma consulta ampla de pagamentos:
4. Run a broad payments query:
```sql
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
@@ -60,45 +60,45 @@ A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data S
ORDER BY payment_id;
```
Resultado esperado antes: `CARD_TOKEN` e outros dados sensiveis podem aparecer para quem tiver acesso amplo, e a evidencia nao esta organizada para auditoria.
Expected result before protection: `CARD_TOKEN` and other sensitive data may appear for users with broad access, and the evidence is not organized for audit review.
## Passo A Passo - Depois, Com Deep Data Security E Auditoria
## Step By Step - After, With Deep Data Security And Auditing
1. Aplique os data grants:
1. Apply the data grants:
```sql
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
```
2. Crie as politicas de Unified Audit:
2. Create the Unified Audit policies:
```sql
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql
```
3. Gere atividade e consulte a trilha de auditoria local:
3. Generate activity and review the local audit trail:
```sql
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql
```
4. No Console OCI, acesse Oracle Data Safe e execute:
4. In the OCI Console, open Oracle Data Safe and perform:
```text
Security Center > Data Safe
Target Databases > Register Target Database
Activity Auditing > Start Audit Trail
Activity Auditing > Reports ou Events
Activity Auditing > Reports or Events
```
Resultado esperado depois:
Expected result after protection:
- `payment_operator` ve dados operacionais do Brasil, sem `CARD_TOKEN`.
- `auditor` ve dados necessarios para revisao.
- `UNIFIED_AUDIT_TRAIL` registra acesso a `DDS_AUDIT_PAYMENTS`.
- Data Safe apresenta eventos, relatorios e evidencias para o cliente.
- `payment_operator` sees Brazil operational payment fields without `CARD_TOKEN`.
- `auditor` sees the data required for review.
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
- Data Safe presents events, reports, and evidence for the customer.
## Execucao Automatizada Opcional
## Optional Automated Execution
Windows:
@@ -112,7 +112,7 @@ Linux/macOS:
./scripts/run-scenario.sh 07-audit-evidence-data-safe "<connect_string>"
```
## Detalhes Da Demo
## Demo Details
Veja o passo a passo completo, evidencias e referencias oficiais em [RUNBOOK.md](RUNBOOK.md).
See the complete walkthrough, evidence, and official references in [RUNBOOK.md](RUNBOOK.md).