Security and Technical Information


This section explains how the AI Assistant handles your data and the security measures in place to protect your business information.

 

Data Protection Overview

Your business data stays in your environment. The AI Assistant is designed so that your actual data values never leave your SAP Business One database. Only your question and the database schema are used to generate queries.

 

What is Sent to Azure OpenAI

When you ask a question, the following information is sent to Azure OpenAI to generate a response:

 

 

Your Natural Language Question

The text of your question is sent to the AI so it can understand what you are asking for.

 

Conversation History

Previous questions and responses in your current conversation are included so the AI can understand context and follow-up questions.

 

Table and Column Names

The names of database tables and columns (schema information) are shared so the AI knows the structure of your data and can generate valid SQL queries. This does not include any actual data values.

 

Role Restrictions

Information about which tables your role can access is included so the AI only generates queries against permitted tables.

 

 

What is Never Sent to Azure OpenAI

The following information is never sent outside your environment:

 

 

Actual Business Data

Customer names, invoice amounts, item prices, quantities, financial figures, and all other actual data values remain in your database. The AI never sees this information. However, if you ask a question regarding any specific customer, item, etc., that information will be passed to the AI backend as part of your question in order to create a proper query.

 

Query Results

The data returned by SQL queries is processed entirely within your environment. Results are displayed locally and are not sent to any external service.

 

 

How It Works

Here is a simplified overview of what happens when you ask a question:

 

1. You type a question in the AI Assistant.

2. The question, along with table and column names, is sent to Azure OpenAI.

3. The AI generates a SQL query based on your question and the schema information.

4. The SQL query is returned to your environment and executed locally against your SAP Business One database.

5. The results are displayed only to you in the AI Assistant widget.

 

At no point does your actual business data leave your database. The AI only helps translate your natural language question into a SQL query.

 

SQL Security

The AI Assistant includes several security measures to protect your database:

 

 

Read Only Queries

Only SELECT statements and CTEs (WITH clauses containing SELECT) are allowed. The system will not execute queries that could modify data.

 

Dangerous Operations Blocked

Queries containing DELETE, DROP, UPDATE, INSERT, TRUNCATE, ALTER, CREATE, EXEC, EXECUTE, or stored procedure calls are automatically rejected. This prevents any accidental or intentional data modification.

 

Injection Protection

Attempts to inject multiple statements using semicolons followed by dangerous keywords are detected and blocked.

 

Role Based Table Access

When roles are enabled, the system validates that all tables in a query are allowed by the user's assigned roles. Queries that reference unauthorized tables are rejected.
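
The four checks described under SQL Security, shown as an added example in Python that is not the product's own code. The function names, the matching strategy, and the constructed schema, role and queries are assumptions; this sketch refuses any second statement, which is stricter than the semicolon-plus-keyword rule described above.

```python
import re

# Keywords the page lists as rejected; whole-word matching is an assumption.
BLOCKED_RE = re.compile(
    r"\b(DELETE|DROP|UPDATE|INSERT|TRUNCATE|ALTER|CREATE|EXEC|EXECUTE)\b", re.I)

def strip_noise(sql):
    """Blank out string literals and comments so their text is not scanned."""
    sql = re.sub(r"'(?:[^']|'')*'", "''", sql)
    sql = re.sub(r"--[^\n]*", " ", sql)
    return re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)

def validate(sql, schema_tables, allowed_tables=None):
    """Return (ok, reason). allowed_tables=None means roles are disabled."""
    body = strip_noise(sql).strip().rstrip(";").strip()
    if not re.match(r"(SELECT|WITH)\b", body, re.I):
        return False, "not a SELECT or CTE"
    if ";" in body:  # stricter than the page: any second statement is refused
        return False, "multiple statements"
    hit = BLOCKED_RE.search(body)
    if hit:
        return False, "blocked keyword " + hit.group(1).upper()
    if allowed_tables is not None:
        # Fail closed: any known table name outside the role rejects the query,
        # wherever it appears (FROM, JOIN, comma join, subquery).
        tokens = set(re.findall(r"\w+", body.upper()))
        denied = tokens & ({t.upper() for t in schema_tables}
                           - {t.upper() for t in allowed_tables})
        if denied:
            return False, "table not permitted: " + ", ".join(sorted(denied))
    return True, "ok"

# Constructed schema, role and queries (OINV, OCRD, OUSR are SAP Business One tables).
SCHEMA = ["OINV", "OCRD", "OUSR"]
SALES_ROLE = ["OINV", "OCRD"]
SAMPLES = [
    "SELECT CardCode, DocTotal FROM OINV WHERE Comments = 'please update; drop by'",
    "WITH t AS (SELECT CardCode FROM OINV) SELECT * FROM t",
    "SELECT 1; DROP TABLE OINV",
    "SELECT * FROM OINV T0, OUSR T1",
    "WITH x AS (SELECT 1) DELETE FROM OINV",
    "UPDATE OINV SET DocTotal = 0",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(validate(q, SCHEMA, SALES_ROLE), "<-", q)
```

A text filter of this kind is a secondary control: running the generated query under a database login that holds only SELECT permission on the permitted tables enforces the same policy at the database itself.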

 

 

Secure Communication

All communication with Azure OpenAI uses HTTPS encryption to protect data in transit.