2.2 KiB
Executable File
03 - PII Row Column Cell
Objective
Show fine-grained PII controls at row, column, and cell level.
What This Lab Shows
Before Oracle Deep Data Security, a broad query can expose employee records, SSNs, and salaries. After data grants are applied, each persona sees only what their business function allows.
Personas
emma: employee.marvin: manager.victoria: HR user.
Where To Run The Commands
Run commands from the repository root:
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
Connect to the database with SQLcl or SQL*Plus:
sql "<connect_string>"
Step By Step - Before, Vulnerable Environment
-
Connect to the database:
sql "<connect_string>" -
Reset the scenario:
@scenarios/03-pii-row-column-cell/sql/99_reset.sql -
Create the employee table, data, and personas:
@scenarios/03-pii-row-column-cell/sql/00_schema.sql @scenarios/03-pii-row-column-cell/sql/01_seed_data.sql @scenarios/03-pii-row-column-cell/sql/02_identities.sql -
Run the broad query:
@scenarios/03-pii-row-column-cell/sql/04_test_queries.sql
Expected result before protection: all records and sensitive columns may appear, including SSN and SALARY.
Step By Step - After, With Deep Data Security
-
Apply the data grants:
@scenarios/03-pii-row-column-cell/sql/03_data_grants.sql -
Run the query again:
@scenarios/03-pii-row-column-cell/sql/04_test_queries.sql -
Repeat the test by simulating
emma,marvin, andvictoria.
Expected result after protection:
emmasees only her own record.marvinsees direct reports, but SSN is hidden.victoriasees sensitive data through the HR role.- Updates are limited to authorized columns.
Optional Automated Execution
Windows:
powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 03-pii-row-column-cell -ConnectString "<connect_string>"
Linux/macOS:
./scripts/run-scenario.sh 03-pii-row-column-cell "<connect_string>"
Demo Details
See the complete walkthrough, evidence, and official references in RUNBOOK.md.