Oracle Deep Data Security for Identity Aware Authorization in Autonomous AI Database
Oracle Deep Data Security provides identity-aware, fine-grained authorization for database objects. It enables you to control access to data at the row and column level based on the authenticated end-user identity. Unlike traditional authorization models that rely on application logic, middleware, or custom query filtering, Oracle Deep Data Security enforces authorization directly within the database. Authorization policies are evaluated before data is returned, ensuring that users can access only the data they are authorized to view or modify.
About Oracle Deep Data Security in Autonomous AI Database
Autonomous AI Database supports Oracle Deep Data Security, enabling you to apply database-enforced authorization consistently across applications, data analytics tools, REST services, and AI-powered workloads.
Many enterprise applications allow multiple users to access the same database tables. In these environments, every user should see only the data they are authorized to access. Traditional authorization models typically enforce security within the application layer. As organizations adopt AI assistants, copilots, and agentic AI applications that dynamically generate SQL statements, maintaining consistent authorization across every access path becomes increasingly challenging.
Oracle Deep Data Security addresses this challenge by moving authorization into the database. Authorization policies are declarative, identity-aware, and evaluated for every SQL statement before data leaves the database. Because enforcement occurs within Oracle AI Database, the same authorization policies apply regardless of whether the request originates from an application, reporting tool, REST API, SQL client, or AI agent.
This database-enforced authorization model provides a trusted security boundary for enterprise AI workloads by ensuring that AI agents access only the data authorized for the authenticated user.
Note: Oracle Deep Data Security is supported only with Oracle AI Database 26ai.
Oracle Deep Data Security helps you:
-
Enforce row-level and column-level authorization based on authenticated user identity.
-
Centralize authorization policies within the database.
-
Protect sensitive data stored in shared database tables.
-
Apply consistent authorization across applications, APIs, analytics platforms, and AI-powered workloads.
-
Reduce reliance on application-specific authorization logic.
-
Ensure AI agents inherit the same authorization policies as the authenticated user.
Because authorization is enforced within Oracle Database, the same policies are applied consistently regardless of how the database is accessed.
See Introduction to Oracle Deep Data Security for more information.
Prerequisites
Before you use Oracle Deep Data Security with Autonomous AI Database, ensure that the following prerequisites are met:
-
You are connected to the database as the ADMIN user or as a user with privileges to create and manage end users, data roles, and data grants.
-
If you use enterprise authentication, configure a supported identity provider such as Oracle Cloud Infrastructure Identity and Access Management (IAM) or Microsoft Entra ID. See Use Identity and Access Management (IAM) Authentication with Autonomous AI Database for more information.
-
Applications or AI agents that connect to Autonomous AI Database on behalf of users must propagate the authenticated end-user identity so that authorization policies can be evaluated correctly.
Limitations and Restrictions
Consider the following when using Oracle Deep Data Security with Autonomous AI Database:
-
Oracle Deep Data Security provides authorization controls that work with the built-in security features of Autonomous AI Database, including always-on encryption, auditing, Oracle AI Database Vault, Oracle Data Safe, and other database security features.
-
Authorization policies must be designed and maintained to reflect organizational access requirements.
-
Applications and AI agents should propagate end-user identity information so that policies can be evaluated correctly.
See Understand Oracle Deep Data Security for more information.
How Oracle Deep Data Security Works
Oracle Deep Data Security uses end users, data roles, and data grants to evaluate authorization policies at runtime.
End Users
End users represent the authenticated individuals requesting access to data. Unlike traditional schema users, end users do not own database objects or receive object privileges directly.
End users authenticate through Oracle Cloud Infrastructure IAM, Microsoft Entra ID, or password-based authentication. Oracle AI Database uses the authenticated identity to determine which authorization policies apply.
Data Roles
A data role is a named collection of authorization policies.
One or more data grants are associated with a data role, and the data role is assigned to end users. When an end user authenticates, Oracle AI Database automatically activates the assigned data roles.
Data Grants
A data grant defines:
-
The rows an end user can access.
-
The columns an end user can view or modify.
Authorization policies are defined by using SQL predicates that Oracle AI Database evaluates during query execution. Policy predicates can reference runtime identity information through functions such as ORA_END_USER_CONTEXT.
Oracle AI Database automatically rewrites SQL statements to apply the appropriate authorization predicates before returning query results.
Authorization Flow
The following sequence illustrates how authorization is enforced:
-
A user authenticates through Oracle Cloud Infrastructure IAM, Microsoft Entra ID, or another supported authentication method.
-
The application propagates the authenticated identity to Autonomous AI Database.
-
Oracle AI Database activates the data roles assigned to the authenticated end user.
-
Oracle AI Database evaluates the associated data grants.
-
Row-level and column-level authorization policies are applied automatically.
-
Only authorized data is returned to the requesting application, analytics tool, or AI agent.
Because authorization is enforced within the database, applications and AI agents cannot bypass the configured authorization policies.
See Oracle Deep Data Security Fundamentals for more information.
Examples
The following examples show how Oracle Deep Data Security can enforce identity-aware access in common application and AI scenarios.
Example 1: Employee Self-Service
An organization stores employee information in a shared EMPLOYEES table.
Employees authenticate using Microsoft Entra ID and access an HR application. Each employee should be able to view only their own salary, contact information, and employment details.
When Emma signs in and requests her employee information, the application passes her authenticated identity to Autonomous AI Database. Oracle AI Database evaluates the applicable data grants and returns only Emma’s employee record. If Emma attempts to access another employee’s information, the database automatically filters the results based on the configured authorization policy.
Example 2: Manager Access
Managers require access to employee information for their reporting hierarchy.
For example, Marvin manages a software engineering team. Oracle Deep Data Security grants Marvin access to records for employees who report to him while continuing to protect sensitive information such as Social Security Numbers.
When Marvin queries employee information, Oracle AI Database automatically applies the configured authorization policies and returns only the rows and columns permitted for his role.
Example 3: Identity-Aware Access with Microsoft Entra ID
An organization uses Microsoft Entra ID as its enterprise identity provider and Autonomous AI Database as its data platform.
Employees authenticate using their Microsoft Entra ID accounts. The application propagates the authenticated identity to Autonomous AI Database, where Oracle Deep Data Security maps the identity to an end user and evaluates the assigned data roles and data grants.
| User | Role | Authorized Access |
|---|---|---|
| Emma | Employee | View and update her own employee information. |
| Marvin | Manager | View information for himself and his direct reports. |
| HR Analyst | Human Resources | View employee information according to assigned policies. |
| AI Assistant | Acting on behalf of Emma | Access only the data Emma is authorized to access. |
Although all users access the same database tables, Oracle AI Database automatically applies different authorization policies based on the authenticated identity.
Example 4: AI Assistant Access
An AI assistant allows employees to ask questions about HR information.
Emma asks:
Show me my salary, manager, and department information.
The AI assistant generates a SQL statement and submits it to Autonomous AI Database by using Emma’s authenticated identity.
Oracle AI Database evaluates the applicable authorization policies and returns only Emma’s authorized information.
If Emma instead asks:
Show me the salaries of everyone in my department.
The AI assistant may generate SQL that attempts to retrieve multiple employee records. Before returning results, Oracle AI Database evaluates the configured data grants and filters the results according to Emma’s authorization policies. As a result, the AI assistant receives only the data Emma is authorized to access.
This approach enables organizations to deploy AI-powered applications while relying on Oracle AI Database to enforce authorization consistently.
Case Study: Use Oracle Deep Data Security with Select AI
This case study shows how to use Oracle Deep Data Security with Select AI. The example protects a sales table, exposes only AI-safe metadata through a view, creates end users and data roles, creates data grants, and configures a Select AI agent to query only authorized results.
Create a Protected Business Object
Create a protected business object that stores sales order information.
CREATE TABLE sales_sec.sales_orders (
order_id NUMBER PRIMARY KEY,
customer_name VARCHAR2(100),
region VARCHAR2(30),
order_total NUMBER(12,2),
margin_amount NUMBER(12,2),
card_token VARCHAR2(100),
order_status VARCHAR2(20));
Create an AI-Safe View
Create an AI-safe view that does not expose the card_token column metadata to Select AI.
CREATE OR REPLACE VIEW sales_sec.ai_sales_orders_v AS
SELECT order_id,
customer_name,
region,
order_total,
margin_amount,
order_status
FROM sales_sec.sales_orders;
Create End Users and Data Roles
Create the end users and data roles for the sales access policies.
CREATE END USER amy_ne IDENTIFIED BY "<input your password>";
CREATE END USER ben_west IDENTIFIED BY "<input your password>";
CREATE END USER cora_exec IDENTIFIED BY "<input your password>";
CREATE DATA ROLE sales_reader_role;
CREATE DATA ROLE sales_margin_role;
CREATE DATA ROLE sales_exec_role;
CREATE ROLE deepsec_login_role;
GRANT CREATE SESSION TO deepsec_login_role;
GRANT deepsec_login_role TO sales_reader_role;
GRANT deepsec_login_role TO sales_margin_role;
GRANT deepsec_login_role TO sales_exec_role;
GRANT DATA ROLE sales_reader_role TO amy_ne;
GRANT DATA ROLE sales_reader_role TO ben_west;
GRANT DATA ROLE sales_margin_role TO ben_west;
GRANT DATA ROLE sales_exec_role TO cora_exec;
Create Data Grants
Create data grants to control the rows and columns each user can access.
Amy can see Northeast sales rows, but the margin_amount column is not included in the grant.
CREATE OR REPLACE DATA GRANT sales_sec.dg_ne_sales
AS SELECT (order_id, customer_name, region, order_total, order_status)
ON sales_sec.ai_sales_orders_v
WHERE region = 'NORTHEAST'
TO sales_reader_role;
Ben can see West sales rows with basic columns.
CREATE OR REPLACE DATA GRANT sales_sec.dg_west_sales
AS SELECT (order_id, customer_name, region, order_total, order_status)
ON sales_sec.ai_sales_orders_v
WHERE region = 'WEST'
TO sales_reader_role;
Ben’s additional role exposes the margin_amount column only for West sales rows.
CREATE OR REPLACE DATA GRANT sales_sec.dg_west_margin
AS SELECT (margin_amount)
ON sales_sec.ai_sales_orders_v
WHERE region = 'WEST'
TO sales_margin_role;
Cora can see all rows and all exposed columns.
CREATE OR REPLACE DATA GRANT sales_sec.dg_exec_all_sales
AS SELECT
ON sales_sec.ai_sales_orders_v
TO sales_exec_role;
Enable Data Grant Enforcement
Enable data grant enforcement on the AI-safe view.
SET USE DATA GRANTS ONLY ON sales_sec.ai_sales_orders_v ENABLED;
Configure the Select AI Agent
Configure the Select AI profile, tool, agent, task, and team to use only the protected view.
BEGIN
DBMS_CLOUD_AI.CREATE_PROFILE(
profile_name => 'SALES_DEEPSEC_NL2SQL',
attributes => '{
"provider": "oci",
"credential_name": "OCI$RESOURCE_PRINCIPAL",
"region": "us-chicago-1",
"object_list": [{"owner":"SALES_SEC","name":"AI_SALES_ORDERS_V"}],
"comments": true,
"temperature": 0
}'
);
DBMS_CLOUD_AI_AGENT.CREATE_TOOL(
tool_name => 'SALES_SQL',
attributes => '{
"tool_type": "SQL",
"tool_params": {"profile_name":"SALES_DEEPSEC_NL2SQL"}
}'
);
DBMS_CLOUD_AI_AGENT.CREATE_AGENT(
agent_name => 'SALES_ANALYST_AGENT',
attributes => '{
"profile_name":"SALES_DEEPSEC_NL2SQL",
"role":"Answer sales questions using only authorized SQL results."
}'
);
DBMS_CLOUD_AI_AGENT.CREATE_TASK(
task_name => 'ANSWER_SALES',
attributes => '{
"instruction":"Answer this sales question: {query}",
"tools":["SALES_SQL"],
"enable_human_tool":"false"
}'
);
DBMS_CLOUD_AI_AGENT.CREATE_TEAM(
team_name => 'SALES_DEEPSEC_TEAM',
attributes => '{"agents":[{"name":"SALES_ANALYST_AGENT","task":"ANSWER_SALES"}],
"process":"sequential"}'
);
END;
/
Query with Select AI Agent
Use the following Select AI Agent prompt:
SELECT AI AGENT show sales by region including margin;
Oracle Deep Data Security applies the configured data grants before results are returned:
| End User | Authorized Result |
|---|---|
amy_ne |
Sees only Northeast sales rows. The margin_amount column is unavailable or returned as NULL. |
ben_west |
Sees only West sales rows. The margin_amount column is visible. |
cora_exec |
Sees all regions and the margin_amount column. |
| All users | No user sees card_token, because it is not exposed in the Select AI object list. |