Files
oracle-deep-data-security-lab/docs/scenarios.md
Rodrigo Pace 52bf971b8b
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Translate lab documentation to English
2026-05-08 14:50:52 -03:00

1.6 KiB

Scenario Catalog

01 - AI Prompt Injection

Shows an AI agent attempting to generate overly broad SQL. Oracle Deep Data Security limits the result based on the end-user context.

02 - Shared App Account

Shows the risk of a technical application account shared by multiple users. The relevant control becomes the end-user context, not only the connection pool account.

03 - PII Row/Column/Cell

Shows row, column, and cell-level access control. An employee sees their own record, a manager sees the team with SSN hidden, and HR sees sensitive attributes.

04 - View Bypass / MAC

Shows how a view can become an alternate access path and how USE DATA GRANTS ONLY enforces the base table policy.

05 - Legacy App AI Extension

Shows a legacy application extended with an AI agent without rewriting all authorization logic. The agent accesses the same dataset, but Oracle Deep Data Security limits rows and columns by end-user context.

06 - RAG Vector Classified Docs

Shows RAG/vector search with classified documents. Retrieval may attempt to fetch all chunks, but the database returns only what the classification and persona allow.

07 - Audit Evidence With Data Safe

Shows how to generate evidence with Unified Audit and how to position OCI Data Safe for activity auditing, reporting, and sensitive data access validation.

Suggested Next Scenarios

  • BI by region, branch, and cost center.
  • Controlled write operations with UPDATE, INSERT, and DELETE.
  • Database Vault complement to block DBA access.
  • AVDF/SIEM integration for on-premises, Exadata, or heterogeneous environments.