# Expected Results ## Before Oracle Deep Data Security - A broad legacy retrieval role can return `HR_CONFIDENTIAL`, `LEGAL_CONFIDENTIAL`, and `EXECUTIVE_CONFIDENTIAL` chunks. - A regular employee such as `nina` may receive sensitive chunks in the RAG context before the LLM generates an answer. ## After Oracle Deep Data Security - `nina` retrieves only `PUBLIC` and `INTERNAL` chunks. - `heitor` retrieves `HR_CONFIDENTIAL` plus public/internal chunks. - `sofia` retrieves `LEGAL_CONFIDENTIAL` plus public/internal chunks. - `carlos` retrieves all classifications through the executive role. - The RAG layer receives only chunks authorized by the database policy.