
Enterprise Security and RBAC in Oracle AI Data Platform Workbench


The Oracle AI Data Platform (AIDP) Workbench provides a multi-layered security model built on two layers: Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM), which decides who may reach the Workbench at all, and the platform's own granular Role-Based Access Control (RBAC), which decides what each user may do with the individual objects inside it.

1. OCI IAM: The Foundational Security Layer 

OCI IAM is the first line of defense: every user must be authenticated and authorized there before they can interact with AIDP Workbench. Access requires explicit IAM permissions granted by policies in the OCI tenancy; without them a user cannot even see the Workbench, let alone use it. Removing a user's IAM permissions therefore cuts off the Workbench as a whole, regardless of any object-level grants the user still holds inside it.

2. Fine-Grained RBAC Inside AIDP Workbench 

Once users have IAM access, AIDP Workbench enforces a second layer of security by managing access at the object level. This covers workspaces, catalogs, schemas, tables, volumes, notebooks, compute clusters, workflows, and AI Agent Flows (currently in limited availability, LA). Each object can be assigned specific permissions, such as view, use, or manage, tailored to the access each team member actually needs. The permission types and their associated actions may differ from one object type to another, but all of them support flexible, role-based assignment to meet diverse enterprise needs.

3. Inheritance with Trickle-Down Permissions 

AIDP implements a "trickle-down" (inheritance) permission model: permissions granted on a higher-level object cascade automatically to the objects nested under it. Granting a user "manage" on a catalog, for example, gives that user management rights over every schema, table, and other object within that catalog. This makes structured delegation easy, but it also means a single high-level grant can reach far more than intended, so least privilege matters: grant at the lowest level in the hierarchy that meets the need, and review grants on catalogs and workspaces with particular care.

4. Isolated Workspaces and Sandboxing 

Granular object-level permissions let enterprises create isolated workspaces for different teams, projects, or lines of business. Because grants do not cross workspace boundaries unless someone explicitly adds them, this isolation substantially reduces the risk of inadvertent data exposure or unauthorized access to sensitive information, helping organizations maintain compliance and operational integrity.

5. Comprehensive Audit Logging for Transparency 

To ensure operational transparency and support compliance requirements, AIDP Workbench includes an extensive auditing system. Every key activity, whether it is the creation of a new object, modification of resources, updates to permissions, or deletion of artifacts, is systematically recorded in detailed audit logs. These logs enable teams to investigate incidents, meet regulatory requirements, and maintain a clear record of data platform activity; permission updates in particular are worth reviewing regularly, since they are the events that change who can reach what.
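To make sections 1 to 3 and 5 concrete, here is an added Python illustration of the two-layer model: an IAM-style gate checked first, then object-level RBAC resolved by walking the object hierarchy upward (trickle-down inheritance), with every grant change written to an audit trail. This is example code written for this post, not AIDP Workbench code; the object hierarchy, the ordering of the permission levels (view < use < manage), the (group, compartment) policy shape, the sample grants and the audit record layout are all assumptions that mirror the prose rather than the platform's real API or log format.

```python
"""Two-layer access check modelled on the description above: IAM gate first,
then object-level RBAC with trickle-down inheritance, plus an audit trail.

Added illustration for this page, not AIDP Workbench code. Hierarchy,
permission names, policy shape and audit layout are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# Assumption: levels are ordered and a stronger level implies the weaker ones.
LEVELS = ("view", "use", "manage")
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


@dataclass
class Node:
    """One securable object (workspace, catalog, schema, table, notebook ...)."""
    name: str
    kind: str
    parent: Optional["Node"] = None
    children: list = field(default_factory=list)
    grants: dict = field(default_factory=dict)  # principal -> level

    def __post_init__(self):
        if self.parent is not None:
            self.parent.children.append(self)

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"


def iam_allows(policies, user_groups, compartment) -> bool:
    """Layer 1: the OCI IAM gate. `policies` is a set of (group, compartment)
    pairs standing in for IAM policy statements. Without a match the user
    never reaches the object-level layer: the Workbench is invisible to them."""
    return any((g, compartment) in policies for g in user_groups)


def effective_level(node: Node, principal: str) -> Optional[str]:
    """Layer 2: trickle-down resolution. Walk from the object to the root and
    keep the strongest level granted to the principal at any ancestor."""
    best, cur = None, node
    while cur is not None:
        lvl = cur.grants.get(principal)
        if lvl is not None and (best is None or RANK[lvl] > RANK[best]):
            best = lvl
        cur = cur.parent
    return best


def check(policies, user, groups, compartment, node, needed) -> bool:
    """Full decision: IAM first, then object-level RBAC."""
    if not iam_allows(policies, groups, compartment):
        return False
    lvl = effective_level(node, user)
    return lvl is not None and RANK[lvl] >= RANK[needed]


def grant(node: Node, principal: str, level: str, actor: str, audit: list) -> None:
    """Change a grant and record it: permission updates are audited events."""
    if level not in RANK:
        raise ValueError(f"unknown level {level!r}")
    before = node.grants.get(principal)
    node.grants[principal] = level
    audit.append({"actor": actor, "action": "grant", "object": node.path(),
                  "kind": node.kind, "principal": principal,
                  "before": before, "after": level})


def blast_radius(node: Node) -> list:
    """Least-privilege review aid: every object a grant at `node` reaches
    through inheritance. A long list means the grant belongs lower down."""
    out, stack = [], [node]
    while stack:
        n = stack.pop()
        out.append(n.path())
        stack.extend(n.children)
    return sorted(out)


# Constructed sample: a workspace holding a catalog/schema/table chain and a
# notebook beside it; one policy admits group "analysts" to compartment "finance".
SAMPLE_POLICIES = {("analysts", "finance")}


def build_sample(audit: list):
    ws = Node("finance-ws", "workspace")
    cat = Node("sales", "catalog", ws)
    sch = Node("q3", "schema", cat)
    tbl = Node("orders", "table", sch)
    nb = Node("forecast", "notebook", ws)
    grant(cat, "alice", "manage", actor="admin", audit=audit)  # cascades to q3/orders
    grant(tbl, "bob", "view", actor="admin", audit=audit)      # this table only
    return ws, cat, sch, tbl, nb


if __name__ == "__main__":
    log = []
    ws, cat, sch, tbl, nb = build_sample(log)
    for user, groups, need in [("alice", ["analysts"], "use"),
                               ("bob", ["analysts"], "use"),
                               ("alice", ["interns"], "view")]:
        ok = check(SAMPLE_POLICIES, user, groups, "finance", tbl, need)
        print(f"{user:6} {need:6} on {tbl.path()}: {'allow' if ok else 'deny'}")
    print("alice's catalog grant reaches:", blast_radius(cat))
    print("audit:", log)
```

Two behaviours are worth noting when running it: alice's "manage" on the catalog resolves to "manage" on the nested table but to nothing on the sibling notebook (workspace isolation in practice), and alice is denied on the same table the moment her groups no longer match an IAM policy, whatever her object-level grants say.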

Check out the following instructional video on how to create roles and assign permissions in AIDP Workbench to apply these concepts:
