Improve Deep Data Security lab scenarios
This commit is contained in:
11
scenarios/01-ai-prompt-injection/evidence/expected-results.md
Normal file → Executable file
11
scenarios/01-ai-prompt-injection/evidence/expected-results.md
Normal file → Executable file
@@ -1,7 +1,8 @@
|
||||
# Expected Results
|
||||
|
||||
- `alice` sees only customers where `account_owner = alice`.
|
||||
- `bruno` sees LATAM customers and `tax_id` as `NULL`.
|
||||
- `carla` sees global rows and sensitive columns.
|
||||
- The same broad SQL returns different results by end-user context.
|
||||
|
||||
- Before DDS enforcement, `alice` can run the broad high-risk customer query through the intentionally overprivileged legacy role.
|
||||
- Before DDS enforcement, sensitive columns such as `tax_id` and `annual_revenue` may be exposed to Alice.
|
||||
- After DDS enforcement, `alice` sees only LATAM customer fields authorized for the sales role.
|
||||
- After DDS enforcement, `bruno` sees LATAM customers and `tax_id` as `NULL`.
|
||||
- After DDS enforcement, `carla` sees global rows and sensitive columns.
|
||||
- The same broad SQL returns different results after database-enforced data grants are applied.
|
||||
|
||||
Reference in New Issue
Block a user