07 - Audit Evidence With Data Safe
Objective
Show how to turn access to sensitive data into audit evidence using Unified Audit and OCI Data Safe.
What This Lab Shows
Before the controls are applied, a payments table can be queried without a clear evidence trail for the customer. Afterward, Oracle Deep Data Security restricts data by persona and Unified Audit/Data Safe help show who accessed what.
Personas
payment_operator: payment operations user.auditor: auditor.dds_audit_analyst: technical analysis account.
Where To Run The Commands
Run SQL commands from the repository root:
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
Connect to the database with SQLcl or SQL*Plus:
sql "<connect_string>"
The Data Safe portion must be performed in the OCI Console under Oracle Data Safe.
Step By Step - Before, Vulnerable Environment
-
Connect to the database:
sql "<connect_string>" -
Reset the scenario:
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql -
Create the sensitive table, data, and personas:
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql @scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql @scenarios/07-audit-evidence-data-safe/sql/02_identities.sql -
Run a broad payments query:
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag FROM dds_audit_payments ORDER BY payment_id;
Expected result before protection: CARD_TOKEN and other sensitive data may appear for users with broad access, and the evidence is not organized for audit review.
Step By Step - After, With Deep Data Security And Auditing
-
Apply the data grants:
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql -
Create the Unified Audit policies:
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql -
Apply redaction to payment tokens for audit review:
@scenarios/07-audit-evidence-data-safe/sql/06_redaction_policy.sql -
Generate activity and review the local audit trail:
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql -
In the OCI Console, open Oracle Data Safe and perform:
Security Center > Data Safe Target Databases > Register Target Database Activity Auditing > Start Audit Trail Activity Auditing > Reports or Events
Expected result after protection:
payment_operatorsees Brazil operational payment fields withoutCARD_TOKEN.auditorsees the data required for review, withCARD_TOKENpartially redacted.UNIFIED_AUDIT_TRAILrecords access toDDS_AUDIT_PAYMENTS.- Data Safe presents events, reports, and evidence for the customer.
Optional Automated Execution
Windows:
powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 07-audit-evidence-data-safe -ConnectString "<connect_string>"
Linux/macOS:
./scripts/run-scenario.sh 07-audit-evidence-data-safe "<connect_string>"
Demo Details
See the complete walkthrough, evidence, and official references in RUNBOOK.md.
For a LiveLabs-style guided workshop, use WORKSHOP.md.