Add legacy AI, RAG vector and Data Safe audit scenarios
Some checks failed
Repo Quality / structure (push) Has been cancelled
Some checks failed
Repo Quality / structure (push) Has been cancelled
This commit is contained in:
11
scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
Normal file
11
scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
Normal file
@@ -0,0 +1,11 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE TABLE dds_audit_payments (
|
||||
payment_id NUMBER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
|
||||
customer_name VARCHAR2(100) NOT NULL,
|
||||
country VARCHAR2(40) NOT NULL,
|
||||
payment_amount NUMBER(12,2) NOT NULL,
|
||||
card_token VARCHAR2(80),
|
||||
risk_flag VARCHAR2(20) NOT NULL
|
||||
);
|
||||
|
||||
13
scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
Normal file
13
scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
Normal file
@@ -0,0 +1,13 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Acme Brasil', 'Brazil', 15000, 'tok_live_001', 'HIGH');
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Varejo Sol', 'Brazil', 3500, 'tok_live_002', 'LOW');
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Northwind US', 'USA', 48000, 'tok_live_003', 'HIGH');
|
||||
|
||||
COMMIT;
|
||||
|
||||
14
scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
Normal file
14
scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
Normal file
@@ -0,0 +1,14 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE USER dds_audit_analyst IDENTIFIED BY "Welcome1_Audit!" ACCOUNT UNLOCK;
|
||||
GRANT CREATE SESSION TO dds_audit_analyst;
|
||||
|
||||
CREATE END USER auditor IDENTIFIED BY "Welcome1_DDS!";
|
||||
CREATE END USER payment_operator IDENTIFIED BY "Welcome1_DDS!";
|
||||
|
||||
CREATE DATA ROLE audit_read_role;
|
||||
CREATE DATA ROLE payment_operator_role;
|
||||
|
||||
GRANT DATA ROLE audit_read_role TO auditor;
|
||||
GRANT DATA ROLE payment_operator_role TO payment_operator;
|
||||
|
||||
15
scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
Normal file
15
scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
Normal file
@@ -0,0 +1,15 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE OR REPLACE DATA GRANT audit_payments_read_all
|
||||
AS SELECT
|
||||
ON dds_audit_payments
|
||||
TO audit_read_role;
|
||||
|
||||
CREATE OR REPLACE DATA GRANT audit_payments_operator
|
||||
AS SELECT (payment_id, customer_name, country, payment_amount, risk_flag)
|
||||
ON dds_audit_payments
|
||||
WHERE country = 'Brazil'
|
||||
TO payment_operator_role;
|
||||
|
||||
SET USE DATA GRANTS ONLY ON dds_audit_payments ENABLED;
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE AUDIT POLICY dds_payments_select_policy
|
||||
ACTIONS SELECT ON dds_audit_payments;
|
||||
|
||||
CREATE AUDIT POLICY dds_security_admin_policy
|
||||
ACTIONS CREATE USER, ALTER USER, DROP USER, CREATE ROLE, DROP ROLE, GRANT, REVOKE;
|
||||
|
||||
AUDIT POLICY dds_payments_select_policy;
|
||||
AUDIT POLICY dds_security_admin_policy;
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
SET PAGESIZE 100
|
||||
SET LINESIZE 220
|
||||
|
||||
PROMPT Generate auditable activity.
|
||||
|
||||
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
|
||||
FROM dds_audit_payments
|
||||
ORDER BY payment_id;
|
||||
|
||||
PROMPT Review local audit trail. Data Safe should collect equivalent activity after target auditing is enabled.
|
||||
|
||||
SELECT event_timestamp,
|
||||
dbusername,
|
||||
action_name,
|
||||
object_schema,
|
||||
object_name,
|
||||
unified_audit_policies
|
||||
FROM unified_audit_trail
|
||||
WHERE object_name = 'DDS_AUDIT_PAYMENTS'
|
||||
ORDER BY event_timestamp DESC
|
||||
FETCH FIRST 20 ROWS ONLY;
|
||||
|
||||
27
scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
Normal file
27
scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
Normal file
@@ -0,0 +1,27 @@
|
||||
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'SET USE DATA GRANTS ONLY ON dds_audit_payments DISABLED'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_read_all'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP TABLE dds_audit_payments PURGE'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP USER dds_audit_analyst CASCADE'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE audit_read_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE payment_operator_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP END USER auditor'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP END USER payment_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
|
||||
Reference in New Issue
Block a user