Security

Control access to data used by A2A agents by applying security policies and auditing mechanisms.

VPD Policy

Use Virtual Private Database (VPD) policies to enforce fine-grained access control based on agent context.

Available context values:

SYS_CONTEXT('A2A_AGENT_ACCESS_CONTEXT$', 'USER_IDENTITY')
SYS_CONTEXT('A2A_AGENT_ACCESS_CONTEXT$', 'TEAM_NAME')

Example: Define and Apply a VPD Policy

-- Define VPD policy
CREATE OR REPLACE FUNCTION limit_access (v_schema IN VARCHAR2, v_objname IN VARCHAR2)
RETURN VARCHAR2 authid current_user AS
BEGIN
RETURN 'SYS_CONTEXT(''A2A_AGENT_ACCESS_CONTEXT$'', ''TEAM_NAME'') = ''REPORT_SUMMARY_AGENT_TEAM''';
END;

-- Apply policy on table
BEGIN
DBMS_RLS.ADD_POLICY(
object_schema        => 'HR',
object_name          => 'EMPLOYEES',
policy_name          => 'POL',
policy_function      => 'LIMIT_ACCESS');
END;
/

This policy restricts access to rows based on the agent team name.

Audit Trail

Access to A2A agents is recorded in the unified audit trail through an Oracle-managed audit policy. Oracle stores the resulting audit records in the UNIFIED_AUDIT_TRAIL view, which you can query to review audited activity. Audit records are generated during or after running the audited SQL statements and operations.

You can define custom audit policies that use the A2A_AGENT_ACCESS_CONTEXT$ application context to audit access for a specific Select AI agent team. In the expression SYS_CONTEXT('A2A_AGENT_ACCESS_CONTEXT$', 'TEAM_NAME'), TEAM_NAME is the context attribute name. Do not replace TEAM_NAME. Replace only the compared value, such as 'REPORT_SUMMARY_AGENT_TEAM', with your agent team name. Your policy compares that context value to your actual agent team name, for example:

SYS_CONTEXT('A2A_AGENT_ACCESS_CONTEXT$', 'TEAM_NAME') =
      'REPORT_SUMMARY_AGENT_TEAM'

SYS_CONTEXT returns the value of the named attribute from the application context, and Oracle application context is commonly used with security and policy enforcement features such as VPD and unified auditing.

After you create the custom audit policy and enable it with the AUDIT statement, Oracle evaluates the policy for matching operations and writes unified audit records for the activity that satisfies the policy conditions. Those records then appear in UNIFIED_AUDIT_TRAIL. A unified audit policy takes effect in the next user session for the users being audited. Access to the audit logs depends on database privileges and security configuration.

Example: Create an Audit Policy

create audit policy MY_A2A_AGENT_ACCESS_AUDIT_POLICY
actions SELECT on HR.EMPLOYEE
when sys_context('A2A_AGENT_ACCESS_CONTEXT$', 'TEAM_NAME') is not null;

Recommendations

Network Configuration for Private Endpoint

If the database uses a Private Endpoint, the A2A server endpoint is accessible only from the configured Virtual Cloud Network (VCN). External clients outside the VCN cannot connect.

Endpoint format:

https://{hostname_prefix}.adb.{region-identifier}.oraclecloudapps.com/adb/a2a/v1/{database-ocid}

Retrieve the hostname_prefix from the database details page in the OCI Console.

See Private Endpoint Access for more details.

You can use the A2A Agent with a private endpoint-enabled Autonomous AI Database only when the A2A client agent runs in the same private VCN or has network connectivity to the database. If the A2A client agent runs in another cloud or an external environment, configure the network according to the connectivity guidelines for that platform to enable communication with Autonomous AI Database.

For example, when you configure a Google Gemini Enterprise application, follow Google’s private networking guidance. See Multi-agent private networking patterns in Google Cloud for details.