Enterprise Security and RBAC in Oracle AI Data Platform Workbench
The Oracle AI Data Platform (AIDP) Workbench provides a robust, multi-layered security system built on the Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) and the platform’s own granular Role-Based Access Control (RBAC).
1. OCI IAM: The Foundational Security Layer
OCI IAM serves as the primary line of defense, ensuring all users are authenticated and authorized before they can interact with AIDP Workbench. Users must be granted explicit IAM permissions within the OCI environment; a user without the appropriate IAM policies cannot even see AIDP Workbench, let alone use it.
2. Fine-Grained RBAC Inside AIDP Workbench
Once users have IAM access, AIDP Workbench enforces an additional layer of security by managing access at the object level. This covers workspaces, catalogs, schemas, tables, volumes, notebooks, compute clusters, workflows, and AI Agent Flows (currently in LA). Each object can be assigned specific permissions, such as view, use, or manage, tailored to the access each team member actually requires. The permission types and their associated actions may differ from one object type to another, but all objects support flexible, role-based assignments to meet diverse enterprise needs.
3. Inheritance with Trickle-Down Permissions
AIDP implements a "trickle-down" or inheritance permission model: permissions granted on a higher-level object automatically cascade to the objects nested beneath it. For instance, assigning "manage" permission to a user at the catalog level gives that user management rights over all schemas, tables, and other objects within that catalog. This model enables structured delegation, but it also makes "least-privilege" discipline essential: grant access at the lowest object that satisfies the need, and review grants made on containers (workspaces, catalogs, schemas) with extra care, because a single broad grant there reaches every object below it.
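The following Python model is an added example, not AIDP Workbench code, to make the inheritance rule concrete and to show the review question it raises. The object kinds (workspace > catalog > schema > table) and the permission names view / use / manage come from the post; the data model, the assumed ordering (manage implies use implies view), the "strongest grant on the path to the root wins" resolution rule, and the sample grants are assumptions made for this example.

```python
"""Illustrative trickle-down RBAC model for a least-privilege review.

Not AIDP Workbench code: the data model, the strongest-grant-wins rule and
the sample hierarchy below are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed ordering: manage implies use, use implies view.
LEVELS = {"view": 1, "use": 2, "manage": 3}


@dataclass
class Obj:
    """One securable object; grants map principal -> permission on this object."""
    name: str
    kind: str
    parent: Optional["Obj"] = None
    grants: Dict[str, str] = field(default_factory=dict)
    children: List["Obj"] = field(default_factory=list)

    def child(self, name: str, kind: str) -> "Obj":
        c = Obj(name, kind, parent=self)
        self.children.append(c)
        return c

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"


def grant(obj: Obj, principal: str, permission: str) -> None:
    if permission not in LEVELS:
        raise ValueError(f"unknown permission {permission!r}")
    obj.grants[principal] = permission


def effective_permission(principal: str, obj: Obj) -> Tuple[Optional[str], Optional[str]]:
    """Walk from obj up to the root. A grant on any ancestor trickles down to obj;
    the strongest one wins. Returns (permission, path of the object it was granted on)."""
    best: Optional[str] = None
    source: Optional[Obj] = None
    node: Optional[Obj] = obj
    while node is not None:
        perm = node.grants.get(principal)
        if perm is not None and (best is None or LEVELS[perm] > LEVELS[best]):
            best, source = perm, node
        node = node.parent
    return best, (source.path() if source else None)


def who_can(obj: Obj, at_least: str = "view") -> Dict[str, Tuple[str, Optional[str]]]:
    """Review question for a sensitive object: who reaches it, with what permission,
    and through which grant? Inherited grants are the ones reviewers tend to miss."""
    principals = set()
    node: Optional[Obj] = obj
    while node is not None:
        principals.update(node.grants)
        node = node.parent
    result: Dict[str, Tuple[str, Optional[str]]] = {}
    for p in sorted(principals):
        perm, src = effective_permission(p, obj)
        if perm is not None and LEVELS[perm] >= LEVELS[at_least]:
            result[p] = (perm, src)
    return result


def container_manage_grants(root: Obj) -> List[Tuple[str, str]]:
    """Least-privilege finding: 'manage' on a container cascades to everything
    beneath it, so each such grant deserves a second look."""
    findings: List[Tuple[str, str]] = []
    stack = [root]
    while stack:
        node = stack.pop()
        if node.children:
            findings.extend((p, node.path()) for p, perm in node.grants.items() if perm == "manage")
        stack.extend(node.children)
    return sorted(findings)


def build_sample() -> Tuple[Obj, Obj, Obj]:
    """Constructed hierarchy and grants for the example (not real data)."""
    ws = Obj("analytics-ws", "workspace")
    finance = ws.child("finance", "catalog")
    salaries = finance.child("payroll", "schema").child("salaries", "table")
    holidays = finance.child("public", "schema").child("holidays", "table")
    grant(finance, "data-eng", "manage")   # cascades to payroll/salaries as well
    grant(salaries, "auditor", "view")     # scoped to one table, nothing cascades
    grant(holidays, "analyst", "use")
    return ws, salaries, holidays


if __name__ == "__main__":
    ws, salaries, holidays = build_sample()
    print(effective_permission("data-eng", salaries))  # manage, inherited from the catalog
    print(who_can(salaries))
    print(container_manage_grants(ws))
```

Running it shows the point of the section: `data-eng` never received a grant on the `salaries` table, yet holds `manage` on it through the catalog grant, and `container_manage_grants` surfaces that grant as the item a least-privilege review should question.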
4. Isolated Workspaces and Sandboxing
Granular object-level permissions empower enterprises to create isolated workspaces for different teams, projects, or lines of business. This isolation dramatically reduces the risk of inadvertent data exposure or unauthorized access to sensitive information, helping organizations maintain compliance and operational integrity.
5. Comprehensive Audit Logging for Transparency
To ensure operational transparency and support compliance requirements, AIDP Workbench includes an extensive auditing system. Every key activity, whether the creation of a new object, modification of resources, an update to permissions, or deletion of artifacts, is recorded in detailed audit logs. These logs let teams investigate incidents, meet regulatory requirements, and maintain a clear record of data platform activity; permission changes in particular are worth reviewing regularly, since a single grant on a container object can widen access to everything beneath it.
Check out the following instructional video on how to create roles and assign permissions in AIDP Workbench to apply these concepts:
Comments
Thanks for the overview and the details.
It's very helpful and useful information.
Appreciate your help @Nagwang Gyamtso-Oracle.