This project demonstrates how to securely connect AI agents to multiple data sources using Azure AI Agent Service. It showcases real-world scenarios where agents must access financial data responsibly — with row-level restrictions, limited views, and masked outputs — depending on the user's access rights.
Inspired by concepts in this article, this project explores data-aware AI agents that interact with APIs, databases, and the web, while respecting dynamic access controls.
This repo implements a secure, multi-source AI agent system that:
- Connects to Neon serverless Postgres to retrieve financial records
- Uses Alpha Vantage API to fetch live stock data
- Leverages Serper.dev for real-time internet search (e.g., IBM earnings)
- Enforces role-based data access for users via `user_roles.yaml`
- Differentiates access levels like:
  - 🔒 Row-level restricted views
  - 🔍 Limited column views
  - 👶️ Masking sensitive data like revenue/profit
  - ❌ API restriction scenarios
Each role-specific scenario is handled automatically through Azure AI Agents, ensuring secure and controlled data interactions for AI applications.
- 🧹 Two-agent collaboration: Collector + Presenter
- 🌐 Multi-source orchestration with DB + APIs + Web
- 🔐 Secure access enforcement via roles
- 🧱 Toolset-based architecture for modular extensibility
- 💬 Thread-based memory between agents in Azure AI Agent Service
- ☁️ Postgres (Neon) + OpenAI + Web Search all in one flow
Before you start, make sure you have:
- Python 3.9+
- An Azure subscription - Create one for free.
- Make sure you have the Azure AI Developer RBAC role assigned.
- Neon Serverless Postgres on Azure. Install it from the Azure Marketplace for free.
- API keys:
  - Alpha Vantage API (free API access)
  - Serper API (free API access)
Open the new Neon Resource page on the Azure portal, and it brings up the form to create a Neon Serverless Postgres Resource. Fill out the form with the required fields and deploy it.
- After the resource is created, go to the Neon Serverless Postgres Organization service and click on the Portal URL. This brings you to the Neon Console.
- Click “New Project”
- Choose an Azure region
- Give your project a name (e.g., “Postgres AI Agent”)
- Click “Create Project”
- Once the project is created successfully, copy the Neon connection string and note it down. You can find the connection details in the Connection Details widget on the Neon Dashboard.

```
postgresql://[user]:[password]@[neon_hostname]/[dbname]?sslmode=require
```
Create a new hub and project in the Azure AI Foundry portal by following the guide in the Microsoft docs. You also need to deploy a model like GPT-4o.
You only need the Project connection string and Model Deployment Name from the Azure AI Foundry portal. You can also find your connection string in the overview for your project in the Azure AI Foundry portal, under Project details > Project connection string.
Once you have all three values on hand (Neon connection string, Project connection string, and Model Deployment Name), you are ready to set up the Python project and create an agent with the Python SDK.
```bash
# Clone into the directory name used by the next command
git clone https://github.com/your-org/billing-anomaly-agent.git neon-azure-secure-ai-agent-data-access
cd neon-azure-secure-ai-agent-data-access
python -m venv .venv
source .venv/bin/activate # or .venv\Scripts\activate for Windows
pip install -r requirements.txt
```
Create a `.env` file in the root directory:

```
NEON_DATABASE_URL=your_neon_connection_string
PROJECT_CONNECTION_STRING=your_azure_project_connection_string
AZURE_OPENAI_DEPLOYMENT_NAME=your_azure_openai_model
ALPHA_VANTAGE_API_KEY=your_alpha_vantage_key
SERPER_API_KEY=your_serper_api_key
```
To set up the Neon database with sample financial data, run:

```bash
python neondb_setup.py
```

You can run the two scripts to see various scenarios based on the article:

```bash
python agent-data-acesss-scenario_one.py
python agent-data-acesss-scenarios_limited.py
```

Roles will be read from `user_roles.yaml`, and the appropriate data access level will be automatically enforced.
Example user roles:
```yaml
users:
  - username: user_a
    roles:
      - admin
      - full_data_access
  - username: user_b
    roles: # comment each row for each scenario in the article
      - restricted
      - limited_api_access
      - restricted_db
      - row_restricted
      - mask_data
```
| Scenario | What Happens |
|---|---|
| Full Access | Agent can see all DB data and fetch API stock prices |
| Row-Restricted | Agent only sees rows tagged as 'restricted' |
| Column-Limited | Agent only gets company and stock_price |
| Masked Output | Presenter hides revenue/profit before summarizing |
| API Blocked | Agent skips external API fetch task |
These simulate real-world business constraints for compliance, internal roles, or customer tiering.
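The scenarios in the table above, as an added example that is not this repository's code: one way to turn the roles in `user_roles.yaml` into a query, a masking step and an API gate that are enforced in code rather than in the agent's prompt. The `financial_data` table, the `access_level` column, the mapping from role names to scenarios and the fail-closed default are assumptions.

```python
# Added example. Role names are from user_roles.yaml; the financial_data table,
# the access_level column and the role-to-scenario mapping are assumptions.
ALL_COLUMNS = ("company", "stock_price", "revenue", "profit")
LIMITED_COLUMNS = ("company", "stock_price")
SENSITIVE = ("revenue", "profit")
RESTRICTIONS = {"row_restricted", "restricted_db", "mask_data", "limited_api_access"}
KNOWN_ROLES = RESTRICTIONS | {"admin", "full_data_access", "restricted"}


def build_policy(roles):
    """Translate a user's roles into an access policy, failing closed."""
    roles = set(roles)
    if not roles or roles - KNOWN_ROLES:
        raise PermissionError(f"missing or unrecognised roles: {sorted(roles - KNOWN_ROLES)}")
    if "full_data_access" in roles:
        active = set()
    else:
        # A non-privileged user with no scenario flag gets every restriction.
        active = (roles & RESTRICTIONS) or RESTRICTIONS
    return {
        "columns": LIMITED_COLUMNS if "restricted_db" in active else ALL_COLUMNS,
        "row_tag": "restricted" if "row_restricted" in active else None,
        "mask": SENSITIVE if "mask_data" in active else (),
        "api_allowed": "limited_api_access" not in active,
    }


def build_query(policy):
    """Return (sql, params). Columns come from fixed tuples, the row tag is bound."""
    sql = f"SELECT {', '.join(policy['columns'])} FROM financial_data"
    if policy["row_tag"] is None:
        return sql, ()
    return sql + " WHERE access_level = %s", (policy["row_tag"],)


def mask_rows(rows, policy):
    """Mask sensitive fields in code before the rows are handed to a model."""
    return [{k: "***" if k in policy["mask"] else v for k, v in r.items()} for r in rows]


if __name__ == "__main__":
    # Constructed sample row, not data from the project.
    sample = [{"company": "ExampleCo", "stock_price": 10.5, "revenue": 900, "profit": 120}]
    for user_roles in (["admin", "full_data_access"], ["restricted", "mask_data"]):
        policy = build_policy(user_roles)
        print(user_roles, build_query(policy), mask_rows(sample, policy))
```

The `%s` placeholder follows the psycopg parameter style; the returned tuple is passed as the second argument to `cursor.execute`.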
📁 neon-azure-secure-ai-agent-data-access
🔸 agent-data-acesss-scenario_one.py
🔸 agent-data-acesss-scenarios_limited.py
🔸 neondb_setup.py
🔸 user_roles.yaml
🔸 .env_example
🔸 requirements.txt
🔸 README.md
MIT License — free to use, extend, and share.
We welcome PRs! If you want to add new data sources, access patterns, or tool integrations, submit an issue or pull request.