Add RAG workshop summary section
Some checks failed
Repo Quality / structure (push) Has been cancelled

This commit is contained in:
2026-05-14 14:02:29 -03:00
parent 192bf5de0d
commit dd3424ab11

View File

@@ -492,6 +492,30 @@ This workshop showed that:
- Oracle Deep Data Security can enforce fine-grained access to rows and columns through data grants.
- The LLM receives only the chunks the end user is authorized to access.
## What You Built
You configured database-level security for a RAG copilot so each user retrieves only the document chunks they are authorized to access, regardless of how broad the vector search query might be.
| Component | Purpose |
| --- | --- |
| `DDS_RAG_CHUNKS` | Vector-enabled table that stores document chunks, classifications, text, and embeddings. |
| `END USER` | `nina`, `heitor`, `sofia`, and `carlos`; DDS end-user identities used to evaluate the real user behind a RAG request. |
| `DATA ROLE` | `rag_employee_role`, `rag_hr_role`, `rag_legal_role`, and `rag_exec_role`; named authorization profiles for each business persona. |
| `DATA GRANT` | `rag_public_internal_docs`; allows regular employees to retrieve only `PUBLIC` and `INTERNAL` chunks. |
| `DATA GRANT` | `rag_hr_docs`; allows HR users to retrieve `PUBLIC`, `INTERNAL`, and `HR_CONFIDENTIAL` chunks. |
| `DATA GRANT` | `rag_legal_docs`; allows legal users to retrieve `PUBLIC`, `INTERNAL`, and `LEGAL_CONFIDENTIAL` chunks. |
| `DATA GRANT` | `rag_exec_docs`; allows executives to retrieve all classifications. |
| `VECTOR_DISTANCE` | SQL function used to rank chunks by semantic similarity to the RAG question embedding. |
| `SET USE DATA GRANTS ONLY` | DDS enforcement switch that makes data grants the active authorization boundary for `DDS_RAG_CHUNKS`. |
| `rag_legacy_retrieval_role` | Broad legacy role used only to demonstrate the vulnerable "before" state. |
| `rag_session_role` | Lab convenience role that grants `CREATE SESSION` so end users can connect directly with SQLcl for demo purposes. |
Oracle Database restricted RAG retrieval to authorized chunks before the LLM received context. No duplicate vector stores, no application-only filtering, and no reliance on prompt instructions to hide confidential information.
The trust chain is: **end-user authentication -> DATA ROLE -> DATA GRANT enforcement -> authorized vector retrieval**.
The database enforces the boundary at query time, so the same semantic search can safely return different context for Nina, Heitor, Sofia, and Carlos.
## Product Manager Talking Points
- The security control is applied at the data source, before model invocation.