Files
oracle-deep-data-security-lab/docs/scenarios.md
Rodrigo db3d68af10
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Improve Deep Data Security lab scenarios
2026-05-13 16:13:04 -03:00

38 lines
1.6 KiB
Markdown
Executable File

# Scenario Catalog
## 01 - AI Prompt Injection
Shows an AI agent attempting to generate overly broad SQL. Oracle Deep Data Security limits the result based on the end-user context.
## 02 - Shared App Account
Shows the risk of a technical application account shared by multiple users. The relevant control becomes the end-user context, not only the connection pool account.
## 03 - PII Row/Column/Cell
Shows row, column, and cell-level access control. An employee sees their own record, a manager sees the team with SSN hidden, and HR sees sensitive attributes.
## 04 - View Bypass / MAC
Shows how a view can become an alternate access path and how `USE DATA GRANTS ONLY` enforces the base table policy.
## 05 - Legacy App AI Extension
Shows a legacy application extended with an AI agent without rewriting all authorization logic. The agent accesses the same dataset, but Oracle Deep Data Security limits rows and columns by end-user context.
## 06 - RAG Vector Classified Docs
Shows RAG/vector search with classified documents. Retrieval may attempt to fetch all chunks, but the database returns only what the classification and persona allow.
## 07 - Audit Evidence With Data Safe
Shows how to generate evidence with Unified Audit and how to position OCI Data Safe for activity auditing, reporting, and sensitive data access validation.
## Suggested Next Scenarios
- BI by region, branch, and cost center.
- Controlled write operations with `UPDATE`, `INSERT`, and `DELETE`.
- Database Vault complement to block DBA access.
- AVDF/SIEM integration for on-premises, Exadata, or heterogeneous environments.