Can an LLM use Oracle Application Server (OAS) as a data provider or catalog via Model Context Proto

Question

We're exploring an architecture where a large language model (LLM) interacts with Oracle Application Server (OAS) through Model Context Protocol (MCP) to retrieve structured data and metadata.

In our specific use case:

* We want to leverage OAS's existing security model, including row-level security, so that user queries are filtered based on their access rights.* For example, if a user asks, "What was UK revenue in 2025?", the LLM should only return that data if the user's OAS profile grants access to UK data.

* The LLM should also be able to access pre-calculated KPIs stored in the RPD (repository), not just raw data.

We're looking for insights on:

* Whether MCP can effectively mediate between the LLM and OAS while preserving security and context.
* How to expose OAS metadata and RPD logic in a way that the LLM can interpret and respond to naturally.
* Any architectural patterns, integration strategies, or limitations others have encountered in similar setups.

Would appreciate any guidance, examples, or lessons learned!

Thanks

Adrian

AdrianV · Answer

Hi Gianni,

Thank you so much for your response!

I’ll review the documentation you shared and assess what can be done on our side. The MCP server’s ability to access the database directly is certainly a valuable feature, though its use in our case will be limited to a select group, such as data scientists with full access privileges to the data.

I really appreciate you taking the time to respond to this post.

Best regards,

Adrian

Gianni Ceresa · Answer

Hi,

OAS, Oracle Analytics Server doesn't isn't/doesn't have a native MCP server.

What you can do instead is to build (code) a MCP server that will use the OAS REST APIs (for example like @Mike Durran-Oracle did in

https://medium.com/oracledevs/experimenting-with-oracle-analytics-rest-apis-and-the-model-context-protocol-mcp-ab0cf1e165df

).

As far as I know, the MCP protocol doesn't cover the security usage you expect. The MCP server can require the client to authenticate, but it's an authentication between the client and the server, not between your user using the agent and OAS.

As you have to code your own MCP server for OAS, you can probably have a kind of "proxy" on the MCP server side that will authenticate a session with your OAS, and if valid it will then use that session when making requests to the REST APIs. Something that would require a good design, a formal approval by your security team, and some luck to work well…