Files
oracle-deep-data-security-lab/scenarios/05-legacy-app-ai-extension/README.md
Rodrigo db3d68af10
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Improve Deep Data Security lab scenarios
2026-05-13 16:13:04 -03:00

120 lines
3.1 KiB
Markdown
Executable File

# 05 - Legacy App AI Extension
## Objective
Show how a legacy application can be extended with an AI agent without rewriting all application authorization logic.
## What This Lab Shows
Before Oracle Deep Data Security, an AI agent connected to the same legacy schema can query customers, margin, contracts, legal clauses, and private support tickets. After data grants are applied, the agent receives only the data allowed for the propagated persona.
## Personas
- `joao`: regional sales representative.
- `ana`: Brazil sales manager.
- `maria`: customer support.
- `sofia`: legal user.
- `legacy_app`: technical account for the existing application.
- `ai_agent_app`: technical account for the new AI agent.
## Where To Run The Commands
Run commands from the repository root:
```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
```
Connect to the database with SQLcl or SQL*Plus:
```bash
sql "<connect_string>"
```
Example:
```text
ADMIN/<password>@ddslab_high
```
If you use Autonomous Database with a wallet, configure `TNS_ADMIN` to point to the wallet directory before connecting.
## Step By Step - Before, Vulnerable Environment
1. Connect to the database:
```bash
sql "<connect_string>"
```
2. Clean up any previous run:
```sql
@scenarios/05-legacy-app-ai-extension/sql/99_reset.sql
```
3. Create the legacy dataset, contracts, tickets, and personas:
```sql
@scenarios/05-legacy-app-ai-extension/sql/00_schema.sql
@scenarios/05-legacy-app-ai-extension/sql/01_seed_data.sql
@scenarios/05-legacy-app-ai-extension/sql/02_identities.sql
```
4. Simulate the AI agent question:
```text
List all high-risk customers, margin, renewals, legal clauses, and private support notes.
```
5. Run the broad queries that represent the agent response:
```sql
@scenarios/05-legacy-app-ai-extension/sql/04_test_queries.sql
```
Expected result before protection: the agent can combine commercial, legal, and support data beyond what is needed.
## Step By Step - After, With Deep Data Security
1. Apply the data grants:
```sql
@scenarios/05-legacy-app-ai-extension/sql/03_data_grants.sql
```
2. Run the same queries again:
```sql
@scenarios/05-legacy-app-ai-extension/sql/04_test_queries.sql
```
3. Repeat the demo by simulating the `joao`, `ana`, `maria`, and `sofia` personas.
Expected result after protection:
- `joao` sees his portfolio without margin or legal hold.
- `ana` sees Brazil customers and regional commercial metrics.
- `maria` sees operational tickets without legal clauses or private notes.
- `sofia` sees authorized contracts and legal clauses.
- AI modernization is possible without exposing the whole schema.
## Optional Automated Execution
Windows:
```powershell
powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 05-legacy-app-ai-extension -ConnectString "<connect_string>"
```
Linux/macOS:
```bash
./scripts/run-scenario.sh 05-legacy-app-ai-extension "<connect_string>"
```
## Demo Details
See the complete walkthrough, evidence, and official references in [RUNBOOK.md](RUNBOOK.md).