Oracle Deep Data Security for Identity Aware Authorization in Autonomous AI Database

Oracle Deep Data Security provides identity-aware, fine-grained authorization for database objects. It enables you to control access to data at the row and column level based on the authenticated end-user identity. Unlike traditional authorization models that rely on application logic, middleware, or custom query filtering, Oracle Deep Data Security enforces authorization directly within the database. Authorization policies are evaluated before data is returned, ensuring that users can access only the data they are authorized to view or modify.

About Oracle Deep Data Security in Autonomous AI Database

Autonomous AI Database supports Oracle Deep Data Security, enabling you to apply database-enforced authorization consistently across applications, data analytics tools, REST services, and AI-powered workloads.

Many enterprise applications allow multiple users to access the same database tables. In these environments, every user should see only the data they are authorized to access. Traditional authorization models typically enforce security within the application layer. As organizations adopt AI assistants, copilots, and agentic AI applications that dynamically generate SQL statements, maintaining consistent authorization across every access path becomes increasingly challenging.

Oracle Deep Data Security addresses this challenge by moving authorization into the database. Authorization policies are declarative, identity-aware, and evaluated for every SQL statement before data leaves the database. Because enforcement occurs within Oracle AI Database, the same authorization policies apply regardless of whether the request originates from an application, reporting tool, REST API, SQL client, or AI agent.

This database-enforced authorization model provides a trusted security boundary for enterprise AI workloads by ensuring that AI agents access only the data authorized for the authenticated user.

Note: Oracle Deep Data Security is supported only with Oracle AI Database 26ai.

Oracle Deep Data Security helps you:

Because authorization is enforced within Oracle Database, the same policies are applied consistently regardless of how the database is accessed.

See Introduction to Oracle Deep Data Security for more information.

Prerequisites

Before you use Oracle Deep Data Security with Autonomous AI Database, ensure that the following prerequisites are met:

Limitations and Restrictions

Consider the following when using Oracle Deep Data Security with Autonomous AI Database:

See Understand Oracle Deep Data Security for more information.

How Oracle Deep Data Security Works

Oracle Deep Data Security uses end users, data roles, and data grants to evaluate authorization policies at runtime.

End Users

End users represent the authenticated individuals requesting access to data. Unlike traditional schema users, end users do not own database objects or receive object privileges directly.

End users authenticate through Oracle Cloud Infrastructure IAM, Microsoft Entra ID, or password-based authentication. Oracle AI Database uses the authenticated identity to determine which authorization policies apply.

Data Roles

A data role is a named collection of authorization policies.

One or more data grants are associated with a data role, and the data role is assigned to end users. When an end user authenticates, Oracle AI Database automatically activates the assigned data roles.

Data Grants

A data grant defines:

Authorization policies are defined by using SQL predicates that Oracle AI Database evaluates during query execution. Policy predicates can reference runtime identity information through functions such as ORA_END_USER_CONTEXT.

Oracle AI Database automatically rewrites SQL statements to apply the appropriate authorization predicates before returning query results.

Authorization Flow

The following sequence illustrates how authorization is enforced:

  1. A user authenticates through Oracle Cloud Infrastructure IAM, Microsoft Entra ID, or another supported authentication method.

  2. The application propagates the authenticated identity to Autonomous AI Database.

  3. Oracle AI Database activates the data roles assigned to the authenticated end user.

  4. Oracle AI Database evaluates the associated data grants.

  5. Row-level and column-level authorization policies are applied automatically.

  6. Only authorized data is returned to the requesting application, analytics tool, or AI agent.

Because authorization is enforced within the database, applications and AI agents cannot bypass the configured authorization policies.

See Oracle Deep Data Security Fundamentals for more information.

Examples

The following examples show how Oracle Deep Data Security can enforce identity-aware access in common application and AI scenarios.

Example 1: Employee Self-Service

An organization stores employee information in a shared EMPLOYEES table.

Employees authenticate using Microsoft Entra ID and access an HR application. Each employee should be able to view only their own salary, contact information, and employment details.

When Emma signs in and requests her employee information, the application passes her authenticated identity to Autonomous AI Database. Oracle AI Database evaluates the applicable data grants and returns only Emma’s employee record. If Emma attempts to access another employee’s information, the database automatically filters the results based on the configured authorization policy.

Example 2: Manager Access

Managers require access to employee information for their reporting hierarchy.

For example, Marvin manages a software engineering team. Oracle Deep Data Security grants Marvin access to records for employees who report to him while continuing to protect sensitive information such as Social Security Numbers.

When Marvin queries employee information, Oracle AI Database automatically applies the configured authorization policies and returns only the rows and columns permitted for his role.

Example 3: Identity-Aware Access with Microsoft Entra ID

An organization uses Microsoft Entra ID as its enterprise identity provider and Autonomous AI Database as its data platform.

Employees authenticate using their Microsoft Entra ID accounts. The application propagates the authenticated identity to Autonomous AI Database, where Oracle Deep Data Security maps the identity to an end user and evaluates the assigned data roles and data grants.

User Role Authorized Access
Emma Employee View and update her own employee information.
Marvin Manager View information for himself and his direct reports.
HR Analyst Human Resources View employee information according to assigned policies.
AI Assistant Acting on behalf of Emma Access only the data Emma is authorized to access.

Although all users access the same database tables, Oracle AI Database automatically applies different authorization policies based on the authenticated identity.

Example 4: AI Assistant Access

An AI assistant allows employees to ask questions about HR information.

Emma asks:

Show me my salary, manager, and department information.

The AI assistant generates a SQL statement and submits it to Autonomous AI Database by using Emma’s authenticated identity.

Oracle AI Database evaluates the applicable authorization policies and returns only Emma’s authorized information.

If Emma instead asks:

Show me the salaries of everyone in my department.

The AI assistant may generate SQL that attempts to retrieve multiple employee records. Before returning results, Oracle AI Database evaluates the configured data grants and filters the results according to Emma’s authorization policies. As a result, the AI assistant receives only the data Emma is authorized to access.

This approach enables organizations to deploy AI-powered applications while relying on Oracle AI Database to enforce authorization consistently.

Case Study: Use Oracle Deep Data Security with Select AI

This case study shows how to use Oracle Deep Data Security with Select AI. The example protects a sales table, exposes only AI-safe metadata through a view, creates end users and data roles, creates data grants, and configures a Select AI agent to query only authorized results.

Create a Protected Business Object

Create a protected business object that stores sales order information.

CREATE TABLE sales_sec.sales_orders (
  order_id       NUMBER PRIMARY KEY,
  customer_name  VARCHAR2(100),
  region         VARCHAR2(30),
  order_total    NUMBER(12,2),
  margin_amount  NUMBER(12,2),
  card_token     VARCHAR2(100),
  order_status   VARCHAR2(20));

Create an AI-Safe View

Create an AI-safe view that does not expose the card_token column metadata to Select AI.

CREATE OR REPLACE VIEW sales_sec.ai_sales_orders_v AS
SELECT order_id,
       customer_name,
       region,
       order_total,
       margin_amount,
       order_status
FROM   sales_sec.sales_orders;

Create End Users and Data Roles

Create the end users and data roles for the sales access policies.

CREATE END USER amy_ne IDENTIFIED BY "<input your password>";
CREATE END USER ben_west IDENTIFIED BY "<input your password>";
CREATE END USER cora_exec IDENTIFIED BY "<input your password>";

CREATE DATA ROLE sales_reader_role;
CREATE DATA ROLE sales_margin_role;
CREATE DATA ROLE sales_exec_role;

CREATE ROLE deepsec_login_role;
GRANT CREATE SESSION TO deepsec_login_role;

GRANT deepsec_login_role TO sales_reader_role;
GRANT deepsec_login_role TO sales_margin_role;
GRANT deepsec_login_role TO sales_exec_role;

GRANT DATA ROLE sales_reader_role TO amy_ne;
GRANT DATA ROLE sales_reader_role TO ben_west;
GRANT DATA ROLE sales_margin_role TO ben_west;
GRANT DATA ROLE sales_exec_role TO cora_exec;

Create Data Grants

Create data grants to control the rows and columns each user can access.

Amy can see Northeast sales rows, but the margin_amount column is not included in the grant.

CREATE OR REPLACE DATA GRANT sales_sec.dg_ne_sales
  AS SELECT (order_id, customer_name, region, order_total, order_status)
  ON sales_sec.ai_sales_orders_v
  WHERE region = 'NORTHEAST'
  TO sales_reader_role;

Ben can see West sales rows with basic columns.

CREATE OR REPLACE DATA GRANT sales_sec.dg_west_sales
  AS SELECT (order_id, customer_name, region, order_total, order_status)
  ON sales_sec.ai_sales_orders_v
  WHERE region = 'WEST'
  TO sales_reader_role;

Ben’s additional role exposes the margin_amount column only for West sales rows.

CREATE OR REPLACE DATA GRANT sales_sec.dg_west_margin
  AS SELECT (margin_amount)
  ON sales_sec.ai_sales_orders_v
  WHERE region = 'WEST'
  TO sales_margin_role;

Cora can see all rows and all exposed columns.

CREATE OR REPLACE DATA GRANT sales_sec.dg_exec_all_sales
  AS SELECT
  ON sales_sec.ai_sales_orders_v
  TO sales_exec_role;

Enable Data Grant Enforcement

Enable data grant enforcement on the AI-safe view.

SET USE DATA GRANTS ONLY ON sales_sec.ai_sales_orders_v ENABLED;

Configure the Select AI Agent

Configure the Select AI profile, tool, agent, task, and team to use only the protected view.

BEGIN
  DBMS_CLOUD_AI.CREATE_PROFILE(
    profile_name => 'SALES_DEEPSEC_NL2SQL',
    attributes   => '{
      "provider": "oci",
      "credential_name": "OCI$RESOURCE_PRINCIPAL",
      "region": "us-chicago-1",
      "object_list": [{"owner":"SALES_SEC","name":"AI_SALES_ORDERS_V"}],
      "comments": true,
      "temperature": 0
    }'
  );

  DBMS_CLOUD_AI_AGENT.CREATE_TOOL(
    tool_name  => 'SALES_SQL',
    attributes => '{
      "tool_type": "SQL",
      "tool_params": {"profile_name":"SALES_DEEPSEC_NL2SQL"}
    }'
  );

  DBMS_CLOUD_AI_AGENT.CREATE_AGENT(
    agent_name => 'SALES_ANALYST_AGENT',
    attributes => '{
      "profile_name":"SALES_DEEPSEC_NL2SQL",
      "role":"Answer sales questions using only authorized SQL results."
    }'
  );

  DBMS_CLOUD_AI_AGENT.CREATE_TASK(
    task_name => 'ANSWER_SALES',
    attributes => '{
      "instruction":"Answer this sales question: {query}",
      "tools":["SALES_SQL"],
      "enable_human_tool":"false"
    }'
  );

  DBMS_CLOUD_AI_AGENT.CREATE_TEAM(
    team_name => 'SALES_DEEPSEC_TEAM',
    attributes => '{"agents":[{"name":"SALES_ANALYST_AGENT","task":"ANSWER_SALES"}],
                    "process":"sequential"}'
  );
END;
/

Query with Select AI Agent

Use the following Select AI Agent prompt:

SELECT AI AGENT show sales by region including margin;

Oracle Deep Data Security applies the configured data grants before results are returned:

End User Authorized Result
amy_ne Sees only Northeast sales rows. The margin_amount column is unavailable or returned as NULL.
ben_west Sees only West sales rows. The margin_amount column is visible.
cora_exec Sees all regions and the margin_amount column.
All users No user sees card_token, because it is not exposed in the Select AI object list.