38 lines
1.6 KiB
Markdown
Executable File
38 lines
1.6 KiB
Markdown
Executable File
# Scenario Catalog
|
|
|
|
## 01 - AI Prompt Injection
|
|
|
|
Shows an AI agent attempting to generate overly broad SQL. Oracle Deep Data Security limits the result based on the end-user context.
|
|
|
|
## 02 - Shared App Account
|
|
|
|
Shows the risk of a technical application account shared by multiple users. The relevant control becomes the end-user context, not only the connection pool account.
|
|
|
|
## 03 - PII Row/Column/Cell
|
|
|
|
Shows row, column, and cell-level access control. An employee sees their own record, a manager sees the team with SSN hidden, and HR sees sensitive attributes.
|
|
|
|
## 04 - View Bypass / MAC
|
|
|
|
Shows how a view can become an alternate access path and how `USE DATA GRANTS ONLY` enforces the base table policy.
|
|
|
|
## 05 - Legacy App AI Extension
|
|
|
|
Shows a legacy application extended with an AI agent without rewriting all authorization logic. The agent accesses the same dataset, but Oracle Deep Data Security limits rows and columns by end-user context.
|
|
|
|
## 06 - RAG Vector Classified Docs
|
|
|
|
Shows RAG/vector search with classified documents. Retrieval may attempt to fetch all chunks, but the database returns only what the classification and persona allow.
|
|
|
|
## 07 - Audit Evidence With Data Safe
|
|
|
|
Shows how to generate evidence with Unified Audit and how to position OCI Data Safe for activity auditing, reporting, and sensitive data access validation.
|
|
|
|
## Suggested Next Scenarios
|
|
|
|
- BI by region, branch, and cost center.
|
|
- Controlled write operations with `UPDATE`, `INSERT`, and `DELETE`.
|
|
- Database Vault complement to block DBA access.
|
|
- AVDF/SIEM integration for on-premises, Exadata, or heterogeneous environments.
|
|
|