Security

Outlines the key security features of MCP Server, including authentication, access controls, auditing, and compliance, to help you protect your Autonomous AI Database environment.

Secured Data Access

Enables fine-grained, secured data access using Virtual Private Database (VPD) policies and Real Application Security (RAS).

With the Autonomous AI Database MCP Server, you can access all data and metadata that your database permissions allow. The MCP server works with Oracle security features such as Virtual Private Database (VPD) and Real Application Security (RAS), but does not enforce AI Profile-based controls or limit actions to "Select-only" access. You decide which tools to register and expose, so by selecting only a restrictive set of tools, you can control what operations the MCP server can perform on your data.

Note:

Keep in mind that when you use MCP, data may leave the database. Always consider the security of your MCP client application to ensure sensitive information remains protected.

Note:

Make sure each tool's description states clearly that the results the tool returns are data to be reported, not instructions for the LLM to execute. Rows retrieved from the database can contain text written to steer the model, and the description is the place where the tool tells the model how to treat them.

Give the database user that the MCP server connects as only the minimum privileges it needs, so that the set of data able to leave the database is as small as possible. Consider a two-schema approach for stronger separation:
  • Custom tools reside in the schema of the database user used to log in to the MCP server (for example, MCP_USER).
  • The PL/SQL functions those tools call are defined in a separate schema that owns the data (for example, SALES_USER).
  • From SALES_USER, grant MCP_USER EXECUTE on those specific functions and nothing else; MCP_USER needs no direct grants on the underlying tables.
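The layout above, as an added example that is not part of the Oracle documentation. It assumes that SALES_USER and MCP_USER already exist and that the statements run as an administrative user; the table, function and tool names are illustrative, and how the wrapper function is registered with the MCP server is out of scope here.

```sql
-- Added example (not Oracle's own code): two-schema layout for MCP tools.
-- Assumes SALES_USER and MCP_USER exist; run as an administrative user.

-- 1. Data and logic live in SALES_USER. The function runs with definer's
--    rights, so callers never need SELECT on the underlying table.
CREATE TABLE sales_user.orders (
  order_id   NUMBER PRIMARY KEY,
  customer   VARCHAR2(100),
  amount     NUMBER(12,2),
  order_date DATE
);

CREATE OR REPLACE FUNCTION sales_user.get_recent_order_total (p_days IN NUMBER)
  RETURN NUMBER AUTHID DEFINER AS
  v_total NUMBER;
BEGIN
  -- The caller supplies only a bind value; no SQL text is built from input.
  SELECT NVL(SUM(amount), 0) INTO v_total
    FROM sales_user.orders
   WHERE order_date >= SYSDATE - p_days;
  RETURN v_total;
END;
/

-- 2. MCP_USER is the account the MCP server connects as. It gets the right
--    to connect, to own its own PL/SQL, and EXECUTE on the specific
--    functions that tools may call. No table grants at all.
GRANT CREATE SESSION, CREATE PROCEDURE TO mcp_user;
GRANT EXECUTE ON sales_user.get_recent_order_total TO mcp_user;

-- 3. The tool's PL/SQL lives in MCP_USER and only delegates. This is the
--    object you would register as an MCP tool.
CREATE OR REPLACE FUNCTION mcp_user.tool_recent_order_total (p_days IN NUMBER)
  RETURN NUMBER AS
BEGIN
  -- Bound the window so a prompt cannot pull the entire order history.
  IF p_days IS NULL OR p_days < 1 OR p_days > 90 THEN
    RAISE_APPLICATION_ERROR(-20001, 'p_days must be between 1 and 90');
  END IF;
  RETURN sales_user.get_recent_order_total(p_days);
END;
/

-- 4. Check the separation from a session connected as MCP_USER:
--    SELECT * FROM sales_user.orders;                        -- expect ORA-00942
--    SELECT mcp_user.tool_recent_order_total(30) FROM dual;  -- works
```

The point of the wrapper is that it is the only thing the MCP server can reach: if a tool is removed from MCP_USER, or the EXECUTE grant is revoked in SALES_USER, the data path is closed without touching the MCP server configuration.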

Create and Register a VPD Policy

Learn how to create and register Virtual Private Database (VPD) policies to safeguard your data and operations.

You can define Oracle Virtual Private Database (VPD) policies to provide fine-grained access control, ensuring that only specific rows of data are visible to each user.

This VPD policy example filters the HR.EMPLOYEE table so that users accessing it through MCP Server see only their own record, automatically and securely.

Example: Create a VPD policy on the database

This example shows how to return only the rows a signed-in user is permitted to see when an AI client calls MCP tools against Autonomous AI Database.

-- Policy function: returns the predicate that VPD appends to statements on
-- the protected table. The SYS_CONTEXT call stays inside the predicate text,
-- so the database evaluates it at run time; the value is never pasted into SQL.
CREATE OR REPLACE FUNCTION limit_sal (v_schema IN VARCHAR2, v_objname IN VARCHAR2)
  RETURN VARCHAR2 authid current_user AS
BEGIN
     RETURN 'employee_id = SYS_CONTEXT(''MCP_SERVER_ACCESS_CONTEXT'', ''USER_IDENTITY'')';
END;
/

When a tool is invoked through the MCP Server, the identity of the authenticated database user is available in the session as sys_context('MCP_SERVER_ACCESS_CONTEXT', 'USER_IDENTITY'). VPD policies can use this application context value to restrict which rows each application or database user sees. Oracle evaluates every VPD policy attached to an object and combines their predicates with AND, so if the table already has VPD policies, leave them in place and add a separate policy based on MCP_SERVER_ACCESS_CONTEXT; the existing policies and the new one both apply when the table is accessed through the MCP Server. Before relying on the namespace and attribute in a policy, confirm their exact names in your database, for example by having a tool return SYS_CONTEXT('MCP_SERVER_ACCESS_CONTEXT', 'USER_IDENTITY') from a session opened through the MCP Server: if the namespace is misspelled, SYS_CONTEXT returns NULL and the predicate employee_id = NULL matches no rows.

Example: Register the VPD policy

This example attaches the filtering function to the HR.EMPLOYEE table.

-- Attach the policy function to HR.EMPLOYEE. Without function_schema, the
-- function is resolved in the schema of the user running this block, so run
-- it as the owner of LIMIT_SAL. With no statement_types, the policy applies
-- to SELECT, INSERT, UPDATE and DELETE.
BEGIN
   DBMS_RLS.ADD_POLICY( 
        object_schema        => 'HR',
        object_name          => 'EMPLOYEE',
        policy_name          => 'POL',
        policy_function      => 'LIMIT_SAL');
END;
/
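The following is an added example, not Oracle's own code, and goes slightly beyond the page's policy: it denies access outright when no MCP identity is present in the session (a direct login, or a misspelled namespace), registers the policy for all DML with update checking rather than relying on the defaults, and shows how to confirm what was registered. The namespace and attribute names are taken from the example above and are assumptions to verify in your database; the policy and function names are illustrative.

```sql
-- Added example (not Oracle's own code): fail-closed MCP row filter on
-- HR.EMPLOYEE. Namespace/attribute names are assumed from the page's example.

CREATE OR REPLACE FUNCTION hr.mcp_employee_filter (
  v_schema  IN VARCHAR2,
  v_objname IN VARCHAR2)
  RETURN VARCHAR2 AS
BEGIN
  -- No MCP identity in this session: either a direct login or the namespace
  -- name is wrong. Return a predicate that matches nothing so the problem is
  -- visible instead of silently exposing every row.
  -- (Return NULL here instead if direct logins should keep their existing
  --  access and only MCP sessions should be filtered.)
  IF SYS_CONTEXT('MCP_SERVER_ACCESS_CONTEXT', 'USER_IDENTITY') IS NULL THEN
    RETURN '1=0';
  END IF;

  -- Keep the SYS_CONTEXT call inside the predicate string. Concatenating the
  -- identity value into the text would let a crafted identity such as
  -- "1 OR 1=1" rewrite the filter when the predicate is parsed.
  RETURN 'employee_id = SYS_CONTEXT(''MCP_SERVER_ACCESS_CONTEXT'', ''USER_IDENTITY'')';
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEE',
    policy_name     => 'MCP_EMPLOYEE_ROW_FILTER',
    function_schema => 'HR',
    policy_function => 'MCP_EMPLOYEE_FILTER',
    -- Filter reads and writes explicitly: a SELECT-only policy would still
    -- let an UPDATE or DELETE tool touch other users' rows.
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    -- Also reject INSERT/UPDATE values that would fall outside the predicate.
    update_check    => TRUE);
END;
/

-- Confirm what is registered and which statement types it covers.
SELECT policy_name, sel, ins, upd, del, chk_option, enable
  FROM dba_policies
 WHERE object_owner = 'HR' AND object_name = 'EMPLOYEE';

-- Sanity check from a direct (non-MCP) session: expect 0 rows, because the
-- policy is fail-closed. Note that SYS and users granted EXEMPT ACCESS POLICY
-- bypass VPD entirely, so test with an ordinary account.
SELECT COUNT(*) FROM hr.employee;
```

If you choose the NULL branch for direct logins, remember that a wrong namespace name then fails open: every session, including MCP sessions, looks like a direct login and sees all rows. That is the main reason to verify the context name before deploying either variant.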

Access Control Lists (ACLs)

Manage and restrict network access to your database resources using Access Control Lists (ACLs).

Access Control Lists (ACLs) provide a powerful way to manage and restrict network access to your database resources. By configuring ACLs, you can define which clients or networks are permitted to connect, enhancing your database security posture. See Network Access Control List (ACL) for more details.

Audit

The MCP server provides auditing so that you can monitor and track access and operations performed through it: it records each access and the specific tools used. In addition, you can define your own unified audit policies, keyed on the MCP application context, to capture access to particular database objects.

Note:

Do not base security or auditing decisions on SESSION_USER: it identifies the database account the session runs as (for example, MCP_USER), not the user the MCP server authenticated. Use MCP_SERVER_ACCESS_CONTEXT$ to reference the authenticated user.

Customer-Defined Audit Policies: Using MCP_SERVER_ACCESS_CONTEXT$, you can define custom audit policies that record access to database objects made through the MCP server. In a unified audit policy the WHEN condition is a string literal, so the quotes inside the SYS_CONTEXT call are doubled, and the policy must be enabled with AUDIT POLICY after it is created. This example uses the USERNAME attribute whereas the VPD example uses USER_IDENTITY; confirm which attributes the namespace exposes in your database before writing the condition.
-- Sample policy to audit SELECT on a table when it is accessed using the MCP server.
-- EVALUATE PER STATEMENT rechecks the condition for every statement, which is
-- the safe choice if the server reuses a session for different identities.
create protected audit policy ADB_MCP_SERVER_ACCESS_AUDIT 
  actions SELECT on HR.EMPLOYEE
  when 'sys_context(''MCP_SERVER_ACCESS_CONTEXT$'', ''USERNAME'') is not null'
  evaluate per statement;

-- Creating a policy does not enable it; turn it on explicitly.
audit policy ADB_MCP_SERVER_ACCESS_AUDIT;
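An added example, not Oracle's own code, that extends the idea above: it audits all DML on the table rather than SELECT only, records the MCP context attribute itself in every audit record so that reviewers see the MCP identity rather than only the shared connection account, and shows the query used to review the trail. It uses standard unified-audit syntax and assumes the MCP_SERVER_ACCESS_CONTEXT$ namespace and USERNAME attribute named in the text; the policy name is illustrative.

```sql
-- Added example (not Oracle's own code). Assumes namespace
-- MCP_SERVER_ACCESS_CONTEXT$ with attribute USERNAME; verify both first.

-- 1. Policy: any read or change to HR.EMPLOYEE made through an MCP session.
--    The condition is a string literal (inner quotes doubled). EVALUATE PER
--    STATEMENT re-evaluates it on every statement, so a pooled session that
--    later carries a different MCP identity is still audited correctly.
CREATE AUDIT POLICY adb_mcp_employee_dml
  ACTIONS SELECT, INSERT, UPDATE, DELETE ON hr.employee
  WHEN 'SYS_CONTEXT(''MCP_SERVER_ACCESS_CONTEXT$'', ''USERNAME'') IS NOT NULL'
  EVALUATE PER STATEMENT;

-- A policy does nothing until it is enabled.
AUDIT POLICY adb_mcp_employee_dml;

-- 2. Capture the MCP context attribute in each audit record. Without this,
--    DBUSERNAME shows only the connection account (e.g. MCP_USER) and the
--    end user who drove the tool is lost.
AUDIT CONTEXT NAMESPACE mcp_server_access_context$ ATTRIBUTES username;

-- 3. Review: records from the last day produced by this policy, with the
--    captured MCP identity in APPLICATION_CONTEXTS.
SELECT event_timestamp,
       dbusername,                                   -- connection account
       application_contexts,                         -- MCP identity captured above
       action_name,
       object_schema || '.' || object_name AS object_name,
       sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%ADB_MCP_EMPLOYEE_DML%'
   AND event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
 ORDER BY event_timestamp DESC;
```

If the review query returns rows with an empty APPLICATION_CONTEXTS column, the AUDIT CONTEXT statement or the namespace name is wrong; if it returns nothing at all for traffic you know went through the MCP server, check the condition's namespace and attribute, since a misspelled name makes SYS_CONTEXT return NULL and the policy never fires.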