Hi All,
In this post I am going to share an overview of Oracle Deep Data Security.
You will learn how to shift from fragmented, application-based controls to a centralized, declarative model that evaluates identity and context at runtime.
The brief offers practical guidance for enforcing least-privilege access, protecting AI-driven workflows such as retrieval-augmented generation (RAG), and allowing agents to operate within clearly defined guardrails.
It also explains how capabilities such as cell-level authorization, secure identity propagation, and controlled privilege elevation can reduce risk without sacrificing flexibility or performance.
Identity & context-aware access control across workloads:
Key benefits include:
Reduced data exposure risk with database-enforced authorization across all access paths.
Least-privilege access for users and non-human identities, including AI agents.
Rapid adaptation to changing security requirements by separating policy from application code.
Strengthened governance with centralized, end-user-aware auditing.
Performance and scale maintained for enterprise workloads.
Why agentic AI increases the risk
Agentic AI changes how applications interact with data. Instead of executing predefined logic, agents generate SQL at runtime based on user input and model reasoning. This shift introduces new security risks that traditional controls were not designed to address.
Declarative policy model:
Deep Data Security enforces access control through declarative SQL policies, referred to as Data Grants. These policies define which operations—such as SELECT, INSERT, UPDATE, and DELETE—are allowed on specific rows, columns, or individual data values.
Policies use SQL predicates to identify the data they apply to and can incorporate joins, subqueries, and runtime attributes. This enables precise, context-aware decisions based on both user attributes and data relationships.
Policy for row-level access:
Cell-level authorization:
Cell-level authorization enables control over individual data values within a row.
This allows organizations to enforce strict least-privilege access without creating complex views or duplicating data structures.
For example:
Employees can view their own records but update only contact details.
Managers can update salaries for direct reports but not their own.
Sensitive attributes such as SSNs remain restricted even when other fields are visible.
Runtime policy enforcement:
At runtime, Deep Data Security evaluates authorization policies and transparently rewrites queries and other SQL operations, independent of application logic, to enforce authorization controls. In effect, Deep Data Security serves as the policy decision point (PDP), while the database SQL engine functions as the policy enforcement point (PEP). This helps ensure end users can access only authorized data, regardless of the SQL executed by an agent or application, which helps mitigate prompt injection and SQL injection attacks.
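A small model of this enforcement idea, added here as an illustration and not Oracle's Data Grant syntax or implementation: the policy is declared once, evaluated against the end user's identity, and applied beneath whatever SQL the agent generates. Assumptions: SQLite stands in for the database, the authorized rows and cell values are copied into a scratch database instead of rewriting the statement in place, and the table, sample rows and policy are constructed.

```python
import sqlite3

# Constructed sample rows: (emp_id, name, manager_id, phone, salary, ssn)
ROWS = [
    (1, "ana", None, "555-0101", 9000, "111-11-1111"),
    (2, "bo", 1, "555-0102", 5000, "222-22-2222"),
    (3, "cy", 1, "555-0103", 5200, "333-33-3333"),
    (4, "di", 2, "555-0104", 4000, "444-44-4444"),
]
COLS = "emp_id, name, manager_id, phone, salary, ssn"

# Assumed policy, declared once and kept out of application code:
# - row level: a row is visible to its owner and to the owner's direct manager
# - cell level: ssn is returned only on the end user's own row, NULL elsewhere
POLICY = """
SELECT emp_id, name, manager_id, phone, salary,
       CASE WHEN emp_id = :uid THEN ssn END AS ssn
FROM employees
WHERE emp_id = :uid OR manager_id = :uid
"""

def base_db():
    """Build the protected database that holds every row."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE employees({COLS})")
    db.executemany("INSERT INTO employees VALUES (?,?,?,?,?,?)", ROWS)
    return db

def run_as(db, end_user_id, agent_sql):
    """Run untrusted, agent-generated SQL on behalf of one end user."""
    # Decision step: evaluate the policy with the end user's identity.
    authorized = db.execute(POLICY, {"uid": end_user_id}).fetchall()
    # Enforcement step: the generated SQL only ever sees the authorized slice,
    # so its own WHERE clause (or lack of one) cannot widen access.
    scratch = sqlite3.connect(":memory:")
    scratch.execute(f"CREATE TABLE employees({COLS})")
    scratch.executemany("INSERT INTO employees VALUES (?,?,?,?,?,?)", authorized)
    try:
        return scratch.execute(agent_sql).fetchall()
    finally:
        scratch.close()
```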
Authorization APIs:
End-user security context
The Oracle Deep Data Security advantage:
Securing AI-driven access requires enforcement at the data layer.
Oracle Deep Data Security, built into Oracle AI Database 26ai, embeds centralized, declarative authorization policies directly in the database. By separating authorization logic from application code, it helps organizations apply consistent access controls across agentic AI, analytics, and enterprise applications, without depending on how SQL is generated.
Realizing enterprise benefits:
Oracle Deep Data Security helps organizations scale AI adoption while maintaining governance and control:
Enforce identity- and context-aware access: Evaluate runtime security context for both human users and AI agents to support least-privilege access.
Protect data at a granular level: Apply row-, column-, and cell-level authorization without requiring complex application logic or data duplication.
Simplify application development: Decouple authorization policies from application code to reduce hardcoded logic and streamline updates.
Apply consistent policy enforcement: Extend controls across relational data, vector data used in retrieval-augmented generation (RAG), and heterogeneous lakehouse environments.
Strengthen governance and auditing: Centralize auditing of database activity with end-user and agent attribution to support security and compliance requirements.
Thanks,
Srini