# 07 - Audit Evidence With Data Safe ## Objective Show how to turn access to sensitive data into audit evidence using Unified Audit and OCI Data Safe. ## What This Lab Shows Before the controls are applied, a payments table can be queried without a clear evidence trail for the customer. Afterward, Oracle Deep Data Security restricts data by persona and Unified Audit/Data Safe help show who accessed what. ## Personas - `payment_operator`: payment operations user. - `auditor`: auditor. - `dds_audit_analyst`: technical analysis account. ## Where To Run The Commands Run SQL commands from the repository root: ```powershell cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab ``` Connect to the database with SQLcl or SQL*Plus: ```bash sql "" ``` The Data Safe portion must be performed in the OCI Console under Oracle Data Safe. ## Step By Step - Before, Vulnerable Environment 1. Connect to the database: ```bash sql "" ``` 2. Reset the scenario: ```sql @scenarios/07-audit-evidence-data-safe/sql/99_reset.sql ``` 3. Create the sensitive table, data, and personas: ```sql @scenarios/07-audit-evidence-data-safe/sql/00_schema.sql @scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql @scenarios/07-audit-evidence-data-safe/sql/02_identities.sql ``` 4. Run a broad payments query: ```sql SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag FROM dds_audit_payments ORDER BY payment_id; ``` Expected result before protection: `CARD_TOKEN` and other sensitive data may appear for users with broad access, and the evidence is not organized for audit review. ## Step By Step - After, With Deep Data Security And Auditing 1. Apply the data grants: ```sql @scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql ``` 2. Create the Unified Audit policies: ```sql @scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql ``` 3. Generate activity and review the local audit trail: ```sql @scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql ``` 4. In the OCI Console, open Oracle Data Safe and perform: ```text Security Center > Data Safe Target Databases > Register Target Database Activity Auditing > Start Audit Trail Activity Auditing > Reports or Events ``` Expected result after protection: - `payment_operator` sees Brazil operational payment fields without `CARD_TOKEN`. - `auditor` sees the data required for review. - `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`. - Data Safe presents events, reports, and evidence for the customer. ## Optional Automated Execution Windows: ```powershell powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 07-audit-evidence-data-safe -ConnectString "" ``` Linux/macOS: ```bash ./scripts/run-scenario.sh 07-audit-evidence-data-safe "" ``` ## Demo Details See the complete walkthrough, evidence, and official references in [RUNBOOK.md](RUNBOOK.md).