See how retrieval-augmented generation can leak confidential data, then how SpiceDB prevents it.
A walkthrough of an insecure chatbot, the failure mode, and the SpiceDB integration that prevents it.
Ask a question that accesses a document you're not allowed to see. The AI returns the confidential data anyway.
Standard RAG pipelines retrieve documents based on semantic similarity, not on who's allowed to see them.
With authorization enabled, the same question is handled differently: the vector DB retrieves first, then SpiceDB checks permissions on every returned document ID before anything reaches the LLM.
Retrieve first, check permissions second
A CheckPermissionRequest is then performed on every document ID returned, using the article_id stored in document metadata. Only documents the user is authorized to view are passed to the LLM.

Every permission check is evaluated against a schema and a set of relationships, in milliseconds.
```
definition user {}

definition document {
    relation viewer: user
    permission view = viewer
}
```
The schema defines types and their permission relationships. viewer grants view permission.

| Resource | Relation | Subject |
|---|---|---|
| document:q4-salaries | viewer | user:alice |
| document:hr-policy | viewer | user:alice |
| document:all-hands | viewer | user:alice |
| document:eng-roadmap | viewer | user:bob |
| document:project-x | viewer | user:bob |
| document:all-hands | viewer | user:bob |

| Document | Alice (HR) | Bob (Eng) |
|---|---|---|
| Q4 Salary Forecast | ✓ | ✗ |
| Engineering Roadmap | ✗ | ✓ |
| All-Hands Notes | ✓ | ✓ |
| Product Spec: Project X | ✗ | ✓ |
| HR Policy Handbook | ✓ | ✗ |

When an AI agent acts on behalf of a user, it should only be able to access what that user can access, nothing more.
Bob can't view salary data, so his AI assistant can't either.
Alice is in HR and can view salary data, so her AI assistant can too.
An agent can only view what the user it represents can view.
```
definition user {
    relation delegate: agent
}

definition agent {}

definition document {
    relation viewer: user
    permission view = viewer + viewer->delegate
}
```
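
The retrieve-then-check flow and the delegation schema above, as an added Python example that is not code from the page or from SpiceDB. `check_view` is an in-memory stand-in for a SpiceDB permission check, the agent names and delegate relationships are assumptions, and the retrieval hits are constructed.

```python
# Constructed relationships: the page's viewer tuples plus two hypothetical
# delegate tuples (the agent names are assumptions, not from the page).
RELATIONSHIPS = {
    ("document:q4-salaries", "viewer", "user:alice"),
    ("document:hr-policy", "viewer", "user:alice"),
    ("document:all-hands", "viewer", "user:alice"),
    ("document:eng-roadmap", "viewer", "user:bob"),
    ("document:project-x", "viewer", "user:bob"),
    ("document:all-hands", "viewer", "user:bob"),
    ("user:alice", "delegate", "agent:alice-assistant"),
    ("user:bob", "delegate", "agent:bob-assistant"),
}

def subjects(resource, relation):
    """All subjects holding `relation` on `resource`."""
    return {s for (r, rel, s) in RELATIONSHIPS if r == resource and rel == relation}

def check_view(document_id, subject):
    """In-memory stand-in for a permission check of
    `permission view = viewer + viewer->delegate`."""
    viewers = subjects(f"document:{document_id}", "viewer")
    if subject in viewers:  # direct grant: viewer
        return True
    # Arrow: walk from each viewer to the agents it has delegated to.
    return any(subject in subjects(v, "delegate") for v in viewers)

def authorize_hits(hits, subject):
    """Post-filter vector-search hits so only permitted chunks reach the prompt.
    Hits with no article_id in their metadata are dropped (fail closed)."""
    allowed = []
    for hit in hits:
        doc_id = hit.get("metadata", {}).get("article_id")
        if doc_id and check_view(doc_id, subject):
            allowed.append(hit)
    return allowed

# Constructed retrieval result for a salary question: similarity search
# returns the salary forecast no matter who is asking.
HITS = [
    {"text": "Q4 salary forecast ...", "metadata": {"article_id": "q4-salaries"}},
    {"text": "All-hands notes ...", "metadata": {"article_id": "all-hands"}},
    {"text": "Orphan chunk ...", "metadata": {}},
]

if __name__ == "__main__":
    for who in ("user:bob", "agent:bob-assistant", "agent:alice-assistant"):
        ids = [h["metadata"]["article_id"] for h in authorize_hits(HITS, who)]
        print(who, "->", ids)
```

In a real pipeline `check_view` would be replaced by a call to SpiceDB for each returned document ID, and a failed or timed-out check should be treated the same as a denial.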