Access Control in RAG: Adding a Layer of Relational Security

The Challenge

RAG (Retrieval-Augmented Generation) is a hybrid approach that combines two strengths: the ability of language models to generate contextual responses with the efficient retrieval of large volumes of up-to-date data by modern information retrieval systems.

The proposed RAG ecosystem serves as a centralized knowledge source for the entire organization. Unlike traditional RAG systems, thanks to recent advancements, it is now possible to incorporate an additional security layer, enabling more precise access policies and better protection of sensitive information. This is achieved through Relationship-Based Access Control (ReBAC), which is more dynamic and granular than conventional Role-Based Access Control (RBAC). This approach strikes a balance between performance and security.

Results

For example, a professional from the finance department, such as a financial analyst, accesses the secure RAG system and queries economic performance indicators. After logging in, the system identifies the relationships with the stored documents, verifies the current privileges, and processes the request. As a result, the system provides a detailed response, as the user has authorized access to the requested accounting resources.

Similarly, a professional from the marketing team, such as a community manager, accesses the same system and submits the same query. In this case, the system detects that the user belongs to a department not authorized to access the requested accounting data. After this verification, the system generates a conditional response indicating that the requested information is private and inaccessible, suggesting the user to contact the technical team for further assistance. This ensures that the corporation’s sensitive information remains protected, accessible only by authorized users.

How Did We Achieve This?

This additional security layer is based on the FGA (Fine-Grained Authorization) standard, which defines who can do what with which resources. OpenFGA is the underlying service that enables FGA by defining relationships between users and resources. To implement this, a service provider is required; among the many available in the market, we chose Auth0 by OktaFGA for its advanced authentication, seamless integration with dynamic access models like ReBAC, and its support for FGA.

To configure a system of this nature, a structured process is followed, integrating several components. Initially, a client is set up on the provider’s platform. Next, an authorization model is defined, establishing the types of entities in the system—in this case, users (employees), documents (corporate information), and groups (departments). Finally, tuples are configured, which are the core elements of the ecosystem, specifying the relationships between these entities.

The generated authorization model is presented below:

This new paradigm allows permissions to be assigned not merely based on roles but rather on dynamic and contextual relationships, enabling granular and adaptive access control.

The integration of this authorization model with the standard RAG pipeline is highly seamless. To achieve this, a new component is added: authorization information, which is incorporated into the handling of the context retrieved by the retriever. This field is added to the usual data (user query, prompt, model, etc.) and stores information associated with the user, object, and relationships. At query time, the system verifies the relationship between the requesting user and the documents. If the user has access to the documents, the requested data is added as context. Otherwise, it sends an empty context, prompting the model to respond with predefined responses established in its system prompt.

Strengths of the solution

• Governance and Performance: Projects remain compliant with the EU’s legal framework, facilitating adherence to GDPR and current European regulations. As a client, you will always know where your data is stored and under which jurisdiction.

• Dynamic Configuration: It is possible to use both local models and external providers, as well as opt for in-memory storage with local persistence or cloud solutions. These components can be enabled or disabled based on your needs and use case, thanks to the system’s modular adaptability.

• Advanced Security: By applying a relationship-based security strategy, permissions for users, groups, and data can be defined with granularity, enabling the creation of a fluid and secure RAG ecosystem with access logs and conditional responses based on system profiles.

It remains essential to note that the authorization model presented has been simplified for educational and illustrative purposes. In real-world scenarios with greater complexity, integrating these controls into corporate RAG systems may pose additional challenges. These include the improper management of relationships between entities, which could lead to control gaps or unintended restrictions, or the maintenance of tuples, which can be a significant challenge during scaling and may require automated update processes. All these factors must be carefully considered to ensure an effective and secure implementation of the solution.

Throughout this success story, we have seen how this relationship-based authorization approach not only enhances the level of security in RAG systems, but also provides a flexible and scalable way to adapt access to corporate private data according to each company’s organizational structure. A solution that combines security, efficiency, and performance within a single RAG ecosystem.