Files
oracle-deep-data-security-lab/scenarios/06-rag-vector-classified-docs/RUNBOOK.md
Rodrigo db3d68af10
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Improve Deep Data Security lab scenarios
2026-05-13 16:13:04 -03:00

87 lines
2.6 KiB
Markdown
Executable File

# Runbook - 06 RAG Vector Classified Docs
## Objective
Show that a RAG agent retrieves only authorized chunks/documents before sending context to the LLM.
## Security Value
- Reduces over-retrieval in RAG.
- Prevents confidential chunks from being sent to the model.
- Combines vector search with data grants by classification.
## Prerequisites
- Oracle AI Database with support for `VECTOR`, `TO_VECTOR`, and `VECTOR_DISTANCE`.
- Database compatible with Oracle Deep Data Security.
- SQLcl or SQL*Plus.
## Before - Vulnerable Environment
1. Reset the scenario:
```sql
@scenarios/06-rag-vector-classified-docs/sql/99_reset.sql
```
2. Create chunks and personas without applying data grants:
```sql
@scenarios/06-rag-vector-classified-docs/sql/00_schema.sql
@scenarios/06-rag-vector-classified-docs/sql/01_seed_data.sql
@scenarios/06-rag-vector-classified-docs/sql/02_identities.sql
```
3. Simulate the RAG question:
```text
Summarize critical documents about renewals, people, and legal risks.
```
4. Run the vector search:
```sql
@scenarios/06-rag-vector-classified-docs/sql/04_test_queries.sql
```
## Expected Result Before
- The search may retrieve `HR_CONFIDENTIAL`, `LEGAL_CONFIDENTIAL`, and `EXECUTIVE_CONFIDENTIAL` chunks.
- The LLM could receive sensitive context before it even generates an answer.
## After - Applying Deep Data Security
1. Apply data grants by classification:
```sql
@scenarios/06-rag-vector-classified-docs/sql/03_data_grants.sql
```
2. Run the same search as `nina`, `heitor`, `sofia`, and `carlos`:
```sql
@scenarios/06-rag-vector-classified-docs/sql/04_test_queries.sql
```
## Expected Result After
- `nina` retrieves only `PUBLIC` and `INTERNAL` chunks.
- `heitor` retrieves authorized HR content.
- `sofia` retrieves authorized legal content.
- `carlos` retrieves all chunks through the executive role.
- The RAG layer sends only authorized context to the LLM.
## Demo Evidence
- Retrieved chunk list before and after protection.
- Visible classifications by persona.
- Explanation that enforcement happens before the LLM call.
## Official References
- Oracle Deep Data Security Guide: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/index.html
- Create Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/create-data-grants.html
- TO_VECTOR SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/to_vector.html
- VECTOR operations in PL/SQL: https://docs.oracle.com/en/database/oracle/oracle-database/26/lnpls/sql-data-types.html