Overview
Human-AI Authorization determines what a human user is allowed to do with an AI system. It goes beyond simple login (Authentication). It answers: Can this user view this document in the RAG pipeline? Can they ask questions about sensitive HR data? Can they configure the agent's behavior?
This is the intersection of traditional RBAC/ABAC and the new semantic understanding capabilities of AI. The authorization model must filter the knowledge the AI has access to, based on the user's permissions.
Architecture
Retrieval-Augmented Generation (RAG) with permissions enforcement.
Key Decisions
- Early vs. Late Binding: Do you filter search results before sending them to the LLM (Early Binding - Recommended), or send everything and ask the LLM to ignore restricted data (Late Binding - Insecure)?
- ACL Propagation: How to sync file system permissions (Google Drive, SharePoint) into the Vector Database metadata so the search respects original access rights.
- Group Membership: Mapping enterprise groups (AD/Okta) to AI knowledge collections.
Implementation
RAG Authorization (Metadata Filtering)
When indexing documents, attach the Access Control List (ACL) to the vector metadata.
Document Vector Metadata:
    {
      "doc_id": "doc-123",
      "content_vector": [...],
      "allowed_groups": ["finance_team", "execs"],
      "owner_id": "user-bob"
    }
Query Time:
Inject a filter into the vector search query, using the same field names as the stored metadata:
Filter: (any of allowed_groups IN user.groups OR owner_id == user.id)
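The early-binding filter above, as an added example that is not code from the original page. It uses an in-memory list as a stand-in for a vector database; the class and function names, the sample documents and the users are constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: str
    groups: frozenset

@dataclass(frozen=True)
class Doc:
    doc_id: str
    content_vector: tuple
    text: str
    allowed_groups: tuple
    owner_id: str

def is_authorized(doc, user):
    # Same predicate as the page's filter: group overlap OR ownership.
    # Fail closed: an empty ACL grants nothing, and an empty user id never matches an owner.
    in_group = bool(set(doc.allowed_groups) & user.groups)
    is_owner = bool(user.id) and doc.owner_id == user.id
    return in_group or is_owner

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def search(index, query_vector, user, k=3):
    # Early binding: drop unauthorized documents before ranking, so they never reach the prompt.
    visible = [d for d in index if is_authorized(d, user)]
    visible.sort(key=lambda d: cosine(d.content_vector, query_vector), reverse=True)
    return visible[:k]

def build_prompt(question, docs):
    context = "\n".join(f"[{d.doc_id}] {d.text}" for d in docs)
    return f"Context:\n{context}\n\nQuestion: {question}"

# Constructed sample index and users (not real data).
INDEX = [
    Doc("doc-123", (0.9, 0.1, 0.0), "Q3 forecast: revenue down 4%", ("finance_team", "execs"), "user-bob"),
    Doc("doc-200", (0.8, 0.2, 0.1), "Public pricing sheet", ("all_staff",), "user-carol"),
    Doc("doc-300", (0.85, 0.15, 0.0), "Private draft notes", (), "user-bob"),
    Doc("doc-400", (0.9, 0.1, 0.0), "Orphaned import, no ACL", (), ""),
]
ALICE = User("user-alice", frozenset({"all_staff"}))
BOB = User("user-bob", frozenset({"finance_team"}))
ANON = User("", frozenset())
QUERY = (0.9, 0.1, 0.0)
```

In a real deployment the same predicate is pushed down into the vector database's metadata filter rather than applied in application code, and `user.groups` is resolved from the identity provider at query time.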
User Context Injection
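Pass the user's identity and attributes to the prompt system (in a secure block) so the model is "aware" of who it is talking to, enabling personalized (and policy-compliant) tone and detail. This context shapes the response only; access decisions stay in the retrieval filter, because prompt instructions alone do not enforce a restriction.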
Risks
- Hallucinated Access: If the restriction relies solely on prompt instructions, an LLM might guess or hallucinate information it was supposed to be restricted from.
- Stale ACLs: If a user is removed from a group in AD, but the Vector DB metadata isn't updated immediately, they retain access to the knowledge.
- Semantic Bypass: Asking questions in a way that bypasses keyword filters (e.g., "Write a poem about the project with code name X").
