Data & Storage / RAG Security & PBAC
FR EN

Data & Storage

RAG Security & PBAC

RAG security and permission-based access control (PBAC): ensure retrieval respects the caller’s rights.

Plane
Data & Storage
Flow steps
7
Frameworks
NIST 800-53 · OWASP LLM02 · 800-207

Technology

Why use it

Apply data permissions at retrieval time, so RAG never exposes more than the user is entitled to see.

Why it matters to security

Without PBAC, RAG becomes a leak channel: it returns documents beyond the caller’s rights.

Implementations OPA / Cedar at data layerOsoindex ACL filtersGlean / Pinecone metadata

Relevance never justifies exposure: retrieve only what is authorized.

Recommendations by maturity tier

Hover a recommendation for its explanation · each one carries its control number

Foundation

Minimum viable baseline
  • Document filtering by the caller’s permissions.
    NIST 800-53 AC-3 · AC-4
    Retrieval respects the documents’ original ACLs.
  • Document sensitivity labeling.
    NIST 800-53 AC-16
    Classifying data precedes any fine-grained access control.
  • Document-access logging.
    NIST 800-53 AU-2
    Who retrieved what stays traceable.

Enterprise

Enterprise standard
  • Attribute-based access control at document/row level.
    NIST 800-53 AC-16 · AC-24
    The decision accounts for user, document and context.
  • Differential redaction by rights.
    NIST 800-53 SI-15OWASP LLM02:2025
    The same document is returned more or less masked per caller.
  • Permission inheritance from source to index.
    NIST 800-53 AC-3
    The index must never be more permissive than the source.

Advanced

High-assurance / regulated
  • Retrieval decision delegated to the PDP.
    NIST 800-53 AC-24
    The PDP arbitrates every knowledge access, in context.
  • Continuous permission re-evaluation.
    NIST 800-207 §3.3
    A revoked permission applies to retrieval immediately.
  • Compliance audit of RAG access.
    NIST 800-53 AU-6
    Prove that RAG respects data policies.

Architecture notes

  • The index inherits permissions, it doesn’t reinvent them.details ▸
    Copying data into an index often strips its ACLs.
    Propagate source permissions through to retrieval, and filter at query time.

References

NIST SP 800-53 Rev5
AC-3, AC-4, AC-16 (Attributes), AC-24 (Decisions), SI-15, AU-6.
OWASP LLM02:2025
Sensitive Information Disclosure via unfiltered retrieval.
NIST SP 800-207
§3.3 — continuous access re-evaluation.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone