Files
oracle-deep-data-security-lab/scenarios/05-legacy-app-ai-extension/README.md
Rodrigo Pace 52bf971b8b
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Translate lab documentation to English
2026-05-08 14:50:52 -03:00

3.1 KiB

05 - Legacy App AI Extension

Objective

Show how a legacy application can be extended with an AI agent without rewriting all application authorization logic.

What This Lab Shows

Before Oracle Deep Data Security, an AI agent connected to the same legacy schema can query customers, margin, contracts, legal clauses, and private support tickets. After data grants are applied, the agent receives only the data allowed for the propagated persona.

Personas

  • joao: regional sales representative.
  • ana: Brazil sales manager.
  • maria: customer support.
  • sofia: legal user.
  • legacy_app: technical account for the existing application.
  • ai_agent_app: technical account for the new AI agent.

Where To Run The Commands

Run commands from the repository root:

cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab

Connect to the database with SQLcl or SQL*Plus:

sql "<connect_string>"

Example:

ADMIN/<password>@ddslab_high

If you use Autonomous Database with a wallet, configure TNS_ADMIN to point to the wallet directory before connecting.

Step By Step - Before, Vulnerable Environment

  1. Connect to the database:

    sql "<connect_string>"
    
  2. Clean up any previous run:

    @scenarios/05-legacy-app-ai-extension/sql/99_reset.sql
    
  3. Create the legacy dataset, contracts, tickets, and personas:

    @scenarios/05-legacy-app-ai-extension/sql/00_schema.sql
    @scenarios/05-legacy-app-ai-extension/sql/01_seed_data.sql
    @scenarios/05-legacy-app-ai-extension/sql/02_identities.sql
    
  4. Simulate the AI agent question:

    List all high-risk customers, margin, renewals, legal clauses, and private support notes.
    
  5. Run the broad queries that represent the agent response:

    @scenarios/05-legacy-app-ai-extension/sql/04_test_queries.sql
    

Expected result before protection: the agent can combine commercial, legal, and support data beyond what is needed.

Step By Step - After, With Deep Data Security

  1. Apply the data grants:

    @scenarios/05-legacy-app-ai-extension/sql/03_data_grants.sql
    
  2. Run the same queries again:

    @scenarios/05-legacy-app-ai-extension/sql/04_test_queries.sql
    
  3. Repeat the demo by simulating the joao, ana, maria, and sofia personas.

Expected result after protection:

  • joao sees his portfolio without margin or legal hold.
  • ana sees Brazil customers and regional commercial metrics.
  • maria sees operational tickets without legal clauses or private notes.
  • sofia sees authorized contracts and legal clauses.
  • AI modernization is possible without exposing the whole schema.

Optional Automated Execution

Windows:

powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 05-legacy-app-ai-extension -ConnectString "<connect_string>"

Linux/macOS:

./scripts/run-scenario.sh 05-legacy-app-ai-extension "<connect_string>"

Demo Details

See the complete walkthrough, evidence, and official references in RUNBOOK.md.