diff --git a/scenarios/06-rag-vector-classified-docs/WORKSHOP.md b/scenarios/06-rag-vector-classified-docs/WORKSHOP.md index e752d08..1a97320 100755 --- a/scenarios/06-rag-vector-classified-docs/WORKSHOP.md +++ b/scenarios/06-rag-vector-classified-docs/WORKSHOP.md @@ -492,6 +492,30 @@ This workshop showed that: - Oracle Deep Data Security can enforce fine-grained access to rows and columns through data grants. - The LLM receives only the chunks the end user is authorized to access. +## What You Built + +You configured database-level security for a RAG copilot so each user retrieves only the document chunks they are authorized to access, regardless of how broad the vector search query might be. + +| Component | Purpose | +| --- | --- | +| `DDS_RAG_CHUNKS` | Vector-enabled table that stores document chunks, classifications, text, and embeddings. | +| `END USER` | `nina`, `heitor`, `sofia`, and `carlos`; DDS end-user identities used to evaluate the real user behind a RAG request. | +| `DATA ROLE` | `rag_employee_role`, `rag_hr_role`, `rag_legal_role`, and `rag_exec_role`; named authorization profiles for each business persona. | +| `DATA GRANT` | `rag_public_internal_docs`; allows regular employees to retrieve only `PUBLIC` and `INTERNAL` chunks. | +| `DATA GRANT` | `rag_hr_docs`; allows HR users to retrieve `PUBLIC`, `INTERNAL`, and `HR_CONFIDENTIAL` chunks. | +| `DATA GRANT` | `rag_legal_docs`; allows legal users to retrieve `PUBLIC`, `INTERNAL`, and `LEGAL_CONFIDENTIAL` chunks. | +| `DATA GRANT` | `rag_exec_docs`; allows executives to retrieve all classifications. | +| `VECTOR_DISTANCE` | SQL function used to rank chunks by semantic similarity to the RAG question embedding. | +| `SET USE DATA GRANTS ONLY` | DDS enforcement switch that makes data grants the active authorization boundary for `DDS_RAG_CHUNKS`. | +| `rag_legacy_retrieval_role` | Broad legacy role used only to demonstrate the vulnerable "before" state. | +| `rag_session_role` | Lab convenience role that grants `CREATE SESSION` so end users can connect directly with SQLcl for demo purposes. | + +Oracle Database restricted RAG retrieval to authorized chunks before the LLM received context. No duplicate vector stores, no application-only filtering, and no reliance on prompt instructions to hide confidential information. + +The trust chain is: **end-user authentication -> DATA ROLE -> DATA GRANT enforcement -> authorized vector retrieval**. + +The database enforces the boundary at query time, so the same semantic search can safely return different context for Nina, Heitor, Sofia, and Carlos. + ## Product Manager Talking Points - The security control is applied at the data source, before model invocation.