I am considering using OBIEE as a data connection for AI agents.
I think this has some nice benefits, as OBIEE is a nice, already built and maintained abstraction layer.
I unfortunately do not have access to newer Oracle technology, which has more of this sort of thing built in.
But I want to better understand the security and safety implications.
Mainly, is it safe for people outside of IT to use this, and what is the safety around generated arbitrary queries?
As I have it set up now, the AI browses the available data via MetadataService (getSubjectAreas, describeSubjectArea), builds SQL, and executes it via XmlViewService.executeSQLQuery.
The AI is surprisingly adept at taking a request, navigating the areas, and writing a query to get the answer.
Currently, I manually review every query before submission, but if it is safe, I would like to remove this step.
Before I do, I am looking for some clarification:
- Is executeSQLQuery truly read-only, and can any harm be done by allowing AI-written arbirtrary queries to be run?
- From what I can tell in the documentation, it is read-only, so I figure it is relatively safe. For security, is the data available via the API the same as what the user can access via the UI?
- For safety, I figure the main risk is the AI sending expensive or poorly put-together queries.
Does OBIEE enforce a maximum number of rows or time limits on queries?
The alternative is using the raw database, which is obviously worse. OBIEE gives authentication, security, and abstractions. I just want to confirm those guarantees hold through the web service API.
Any insight is appreciated
