Building enterprise-ready AI requires ensuring users can only augment prompts with data they're authorized to access. Relationship-based access control (ReBAC) is particularly well-suited for fine-grained authorization in Retrieval-Augmented Generation (RAG) because it makes decisions based on relationships between objects, offering more precise control compared to traditional models like RBAC and ABAC.

This talk covers how ReBAC systems can safeguard sensitive data in RAG pipelines. We'll start with why Authorization is critical for RAG pipelines, and how Google Zanzibar achieves this with ReBAC. We'll then illustrate how pre-filtering vector database queries with a list of authorized object IDs can improve efficiency & security. The talk will also include a demo implementing fine-grained authorization for RAG using Pinecone, Langchain, OpenAI, and SpiceDB.

Devoxx

A conference talk covering how to secure RAG pipelines using fine-grained, relationship-based access control (ReBAC) inspired by Google Zanzibar. The speaker explains the evolution of authorization models from ACLs to RBAC to ABAC to ReBAC, then demonstrates two techniques for enforcing document-level permissions in RAG systems: pre-filter (lookup which documents a user can access before querying the vector DB) and post-filter (retrieve embeddings first, then check permissions per document). A live demo using SpiceDB, Pinecone, LangChain, and OpenAI shows both approaches in action, including revoking access in real time. The talk also covers applicability to AI agents, audit logging benefits, and production usage at scale (e.g., ChatGPT connectors handling 37 billion documents).

Securing RAG Pipelines with Fine Grained Authorization by Sohan Maheshwar