4.5 KiB
Executable File
Runbook - 06 RAG Vector Classified Docs
Objective
Show that a RAG agent retrieves only authorized chunks/documents before sending context to the LLM.
Security Value
- Reduces over-retrieval in RAG.
- Prevents confidential chunks from being sent to the model.
- Combines vector search with data grants by classification.
Prerequisites
- Oracle AI Database with support for
VECTOR,TO_VECTOR, andVECTOR_DISTANCE. - Database compatible with Oracle Deep Data Security.
- SQLcl or SQL*Plus.
Before - Vulnerable Environment
-
From the repository root, connect as
ADMIN:cd ~/DEEP-DATA-SECURITY/oracle-deep-data-security-lab export TNS_ADMIN=~/DEEP-DATA-SECURITY/wallet-ddslab sql admin@ddslab_tunnelPresenter note:
ADMINprepares the classified chunks and security personas.SQLcl note: after running a script with
@file.sql, do not type/. The slash reruns the last command in the SQLcl buffer and can make a successful command look like an error. -
Reset the scenario:
@scenarios/06-rag-vector-classified-docs/sql/99_reset.sqlPresenter note: this removes prior Data Grants, roles, users, and test data.
-
Create chunks and personas without applying data grants:
@scenarios/06-rag-vector-classified-docs/sql/00_schema.sql @scenarios/06-rag-vector-classified-docs/sql/01_seed_data.sql @scenarios/06-rag-vector-classified-docs/sql/02_identities.sqlPresenter note:
rag_legacy_retrieval_rolesimulates a broad RAG retrieval layer before DDS is enforced. -
Show every chunk and its classification:
SELECT chunk_id, document_title, department, classification, chunk_text FROM dds_rag_chunks ORDER BY chunk_id;Presenter note: explain that confidential chunks should not be sent to the LLM for every user.
-
Simulate the RAG question:
Summarize critical documents about renewals, people, and legal risks. -
Exit and connect as Nina, a regular employee:
exitsql 'nina/Welcome1_DDS!@ddslab_tunnel'Presenter note: Nina represents a regular employee using an internal copilot.
-
Run the vector search before DDS:
@scenarios/06-rag-vector-classified-docs/sql/04_test_queries.sqlPresenter note: before DDS, a broad retrieval path can place HR, legal, or executive confidential chunks in the LLM context.
Expected Result Before
- The search may retrieve
HR_CONFIDENTIAL,LEGAL_CONFIDENTIAL, andEXECUTIVE_CONFIDENTIALchunks. - The LLM could receive sensitive context before it even generates an answer.
After - Applying Deep Data Security
-
Exit and reconnect as
ADMIN:exitsql admin@ddslab_tunnel -
Apply data grants by classification:
@scenarios/06-rag-vector-classified-docs/sql/03_data_grants.sqlPresenter note: the database now filters chunks before the LLM receives any context.
-
Test Nina after DDS:
exitsql 'nina/Welcome1_DDS!@ddslab_tunnel'@scenarios/06-rag-vector-classified-docs/sql/04_test_queries.sqlPresenter note: Nina should retrieve only
PUBLICandINTERNALchunks. -
Repeat the same search as HR, legal, and executive personas:
sql 'heitor/Welcome1_DDS!@ddslab_tunnel' sql 'sofia/Welcome1_DDS!@ddslab_tunnel' sql 'carlos/Welcome1_DDS!@ddslab_tunnel'Presenter note: each persona receives only the chunk classifications authorized for that business role.
Expected Result After
ninaretrieves onlyPUBLICandINTERNALchunks.heitorretrieves authorized HR content.sofiaretrieves authorized legal content.carlosretrieves all chunks through the executive role.- The RAG layer sends only authorized context to the LLM.
Demo Evidence
- Retrieved chunk list before and after protection.
- Visible classifications by persona.
- Explanation that enforcement happens before the LLM call.
Official References
- Oracle Deep Data Security Guide: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/index.html
- Create Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/create-data-grants.html
- TO_VECTOR SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/to_vector.html
- VECTOR operations in PL/SQL: https://docs.oracle.com/en/database/oracle/oracle-database/26/lnpls/sql-data-types.html