Oracle Fusion AI Data Platform Idea Lab


Support for DB (ADW) - Level Security (VPD/Database Vault) in FDI for Multi-Tenant Data Segregation


Status / Problem Statement

Currently, Oracle Fusion Data Intelligence (FDI) provides robust data security at the Semantic (BI) Layer. However, for organisations with extreme data sensitivity, such as those onboarding highly regulated business units or legal entities, there is a critical "Privileged User" security gap.

Developers and Admins with access to the underlying Autonomous Data Warehouse (ADW) can query the OAX_USER (or equivalent Custom) schema directly. This bypasses all Semantic Layer filters, allowing access to sensitive HCM (Payroll/PII) and ERP (Financial) data across all Business Units and Ledgers.

The Use Case

We are integrating a "Sensitive Tenant" into our Fusion source system. Internal audit and compliance requirements dictate that data must be segregated at the storage layer, not just the presentation layer.

  • We need to allow developers to build custom Data Augmentations for 90% of the business.
  • We must simultaneously block or filter those same developers from seeing rows related to the "Sensitive Tenant" (specific BUSINESS_UNIT_ID or LEDGER_ID).

Proposed Solution

We request that Oracle FDI officially supports and provides documentation for implementing native Oracle Database security features within the managed FDI environment:

  1. Virtual Private Database (VPD) Support: Allow customers to apply DBMS_RLS policies on OAX tables that transparently filter rows for specific DB users/roles without breaking the FDI Data Pipeline or OTB Semantic Model.
  2. Database Vault Integration: Provide a "Best Practice" configuration for Database Vault Realms in FDI to protect sensitive HCM/ERP data from privileged schema users, while white-listing the FDI Service User for ETL.
  3. Security "Guard" Configuration: A UI or documented process within the FDI Console to manage these database-level exclusions, ensuring they persist through platform upgrades and patching.

Business Value

  • Compliance: Enables FDI adoption for government, healthcare, and highly regulated global entities with strict data residency or "need-to-know" requirements.
  • Risk Mitigation: Eliminates the risk of internal data breaches by privileged technical users (DBAs/Developers).
  • Platform Trust: Moves FDI from "BI Security" to "Defense in Depth" (Security at every layer).
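For reference, item 1 of the proposed solution expressed with standard Oracle Database VPD calls. This is an added illustration, not code from the post or from FDI documentation, and it does not show that FDI supports such policies. SEC_ADMIN, DEMO_LEDGER_FACT, FDI_ETL_SVC and the BUSINESS_UNIT_ID value 999999 are hypothetical placeholders.

```sql
-- Added illustration. Hypothetical names: SEC_ADMIN (schema that owns the
-- policy function), DEMO_LEDGER_FACT (table in OAX_USER), FDI_ETL_SVC
-- (pipeline account), 999999 (constructed BUSINESS_UNIT_ID of the tenant).

-- Keep the policy function outside the schema developers can modify;
-- anyone able to replace this function can widen the predicate.
CREATE OR REPLACE FUNCTION sec_admin.hide_sensitive_bu (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
  l_user VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
BEGIN
  -- The pipeline account must see every row so loads keep working.
  IF l_user = 'FDI_ETL_SVC' THEN
    RETURN NULL;  -- NULL predicate means no filtering
  END IF;
  -- All other sessions, including direct queries against the schema, get
  -- this predicate appended. Rows with a NULL BUSINESS_UNIT_ID are also
  -- hidden (fail closed), because NULL <> 999999 is not true.
  RETURN 'BUSINESS_UNIT_ID <> 999999';
END hide_sensitive_bu;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'OAX_USER',
    object_name     => 'DEMO_LEDGER_FACT',
    policy_name     => 'HIDE_SENSITIVE_BU',
    function_schema => 'SEC_ADMIN',
    policy_function => 'HIDE_SENSITIVE_BU',
    statement_types => 'SELECT'
  );
END;
/

-- Audit check 1: the policy exists and is enabled.
SELECT object_owner, object_name, policy_name, enable
  FROM dba_policies
 WHERE object_owner = 'OAX_USER';

-- Audit check 2: accounts that bypass every VPD policy. SYS is always
-- exempt; any grantee listed here is exempt as well.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT ACCESS POLICY';
```

VPD alone does not constrain accounts holding EXEMPT ACCESS POLICY, which is the gap the Database Vault realm in item 2 is meant to cover.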