Status / Problem Statement
Currently, Oracle Fusion Data Intelligence (FDI) provides robust data security at the Semantic (BI) Layer. However, for organisations with extreme data sensitivity (such as those onboarding highly regulated business units or legal entities), there is a critical "Privileged User" security gap.
Developers and Admins with access to the underlying Autonomous Data Warehouse (ADW) can query the OAX_USER (or equivalent Custom) schema directly. This bypasses all Semantic Layer filters, allowing access to sensitive HCM (Payroll/PII) and ERP (Financial) data across all Business Units and Ledgers.
The Use Case
We are integrating a "Sensitive Tenant" into our Fusion source system. Internal audit and compliance requirements dictate that data must be segregated at the storage layer, not just the presentation layer.
- We need to allow developers to build custom Data Augmentations for 90% of the business.
- We must simultaneously block or filter those same developers from seeing rows related to the "Sensitive Tenant" (specific BUSINESS_UNIT_ID or LEDGER_ID).
Proposed Solution
We request that Oracle FDI officially support and provide documentation for implementing native Oracle Database security features within the managed FDI environment:
- Virtual Private Database (VPD) Support: Allow customers to apply DBMS_RLS policies on OAX tables that transparently filter rows for specific DB users/roles without breaking the FDI Data Pipeline or OTB Semantic Model.
- Database Vault Integration: Provide a "Best Practice" configuration for Database Vault Realms in FDI to protect sensitive HCM/ERP data from privileged schema users, while white-listing the FDI Service User for ETL.
- Security "Guard" Configuration: A UI or documented process within the FDI Console to manage these database-level exclusions, ensuring they persist through platform upgrades and patching.
Business Value
- Compliance: Enables FDI adoption for government, healthcare, and highly regulated global entities with strict data residency or "need-to-know" requirements.
- Risk Mitigation: Eliminates the risk of internal data breaches by privileged technical users (DBAs/Developers).
- Platform Trust: Moves FDI from "BI Security" to "Defense in Depth" (Security at every layer).
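
The Virtual Private Database item under Proposed Solution refers to standard Oracle Database row-level security through DBMS_RLS. The sketch below is an added example, not part of the original request and not an Oracle-documented FDI configuration; whether the managed FDI pipeline tolerates such a policy is what the request asks Oracle to confirm. The SEC_ADMIN schema, the FDI_ETL_SERVICE_USER account, the CUSTOM_GL_BALANCES table and the business unit id are hypothetical.

```sql
-- Added example. Names marked (hypothetical) are assumptions, not real FDI objects.
-- The policy function lives in a separate security schema so that developers
-- working in OAX_USER cannot replace it.
CREATE OR REPLACE FUNCTION sec_admin.hide_sensitive_bu (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
    v_user VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
BEGIN
    -- The pipeline account must see every row, otherwise loads would silently drop data.
    IF v_user = 'FDI_ETL_SERVICE_USER' THEN          -- (hypothetical) ETL account
        RETURN NULL;                                 -- NULL predicate = no filtering
    END IF;
    -- Every other session, including the schema owner, loses the sensitive rows.
    -- Rows with a NULL BUSINESS_UNIT_ID are also hidden (fail closed).
    RETURN 'business_unit_id <> 300000000000001';    -- (constructed) sensitive tenant id
END hide_sensitive_bu;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'OAX_USER',
        object_name     => 'CUSTOM_GL_BALANCES',     -- (hypothetical) table
        policy_name     => 'HIDE_SENSITIVE_BU',
        function_schema => 'SEC_ADMIN',              -- (hypothetical) schema
        policy_function => 'HIDE_SENSITIVE_BU',
        statement_types => 'SELECT'
    );
END;
/

-- Checks to repeat after every platform upgrade or patch.
-- 1. Is the policy still attached and enabled?
SELECT object_owner, object_name, policy_name, enable
FROM   dba_policies
WHERE  object_owner = 'OAX_USER';

-- 2. Who bypasses VPD entirely? SYS and any holder of EXEMPT ACCESS POLICY
--    are never filtered, which is the gap Database Vault realms address.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```

The policy only holds if developer accounts have no EXECUTE privilege on DBMS_RLS and no rights on the policy function, since either would let them drop or rewrite the filter.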