Securing VectorDB¶
The Dynamic Content Filter feature in PAIG provides robust security and governance for VectorDB, which is crucial in the context of GenAI and Retrieval-Augmented Generation (RAG) systems. VectorDB aggregates data from various sources such as Confluence Wiki pages, Databases, Documents, Support Tickets, etc. This guide details how to utilize PAIG to enforce appropriate access control policies, ensuring data security and compliance in GenAI applications.
Overview¶
PAIG's Dynamic Content Filter allows for the implementation of three key categories of access control within VectorDB:
-
User/Group Level Permissions: Controls access based on user and group permissions, mirroring the access rights from the original data source.
-
Metadata Level Permissions: Manages access to data classified as confidential or restricted, ensuring only authorized users can access such information.
-
Fine-Grained Authorization: Enforces policies based on the specific content of the data, crucial for compliance with regulations like CCPA, GDPR, etc.
Policy Definition¶
Administrators can enable User/Group Level policies for each VectorDB collection through a simple interface. PAIG provides guidelines for metadata tagging to ensure effective enforcement of these policies.
Use Cases¶
Here are some use cases that demonstrate the application of Dynamic Content Filter in VectorDB.
User/Group Level Permissions Use Cases¶
1. Project Management Data Access¶
- Scenario: A project manager queries the GenAI application for specific project documents.
- Outcome: The system provides access only to documents in VectorDB that the project manager is authorized to access, mirroring their SharePoint permissions.
2. Cross-Departmental Data Sharing¶
- Scenario: A marketing department employee requests access to financial reports.
- Outcome: Access is denied as the employee lacks the necessary permissions for financial data.
Metadata Level Permissions Use Cases¶
3. Confidential Project Information Access¶
- Scenario: A senior executive seeks access to strategic plans tagged as CONFIDENTIAL in VectorDB.
- Outcome: Access is granted based on the executive's high-level clearance.
4. Restricted Access to Financial Data¶
- Scenario: An intern queries for financial data tagged as INTERNAL
- Outcome: The system filters out this data, denying access due to the intern's lower access level.
Fine-Grained Authorization Use Cases¶
5. GDPR Compliance for Customer Data¶
- Scenario: A European customer service representative accesses customer data.
- Outcome: The system filters the data to provide only information related to European customers, ensuring GDPR compliance.
6. Region-Specific Sales Data Access¶
- Scenario: A North American sales manager queries for regional sales data.
- Outcome: Access is provided only to data tagged with Sales - North America excluding other regions.
Consolidated Tag-Based Access Control Use Cases¶
7. Multi-Departmental User Access¶
- Scenario: An employee with roles in both HR and Finance departments queries for data.
- Outcome: The system consolidates tags from both departments, providing a unified data view aligned with the employee’s combined roles.
8. Group-Based Access in Research Teams¶
- Scenario: A research team member seeks access to specific R&D project data.
- Outcome: Access is allowed to data chunks tagged under Research & Development that the team is authorized to view.
Dynamic Access Control Use Cases¶
9. Changing Access Levels¶
- Scenario: A manager is promoted, resulting in an upgraded access level.
- Outcome: The system dynamically updates to provide access based on the new clearance level.
10. Project-Specific Temporary Access¶
- Scenario: A consultant is temporarily given access to a specific project's data in VectorDB.
- Outcome: Access is restricted to data related to that project for the duration of the assignment.
Fine Grained Metadata Filtering Use Cases¶
11. Customer Data Access by Country¶
- Scenario: A customer support agent queries for customer profiles.
- Outcome: The system filters data to display profiles only from the agent's designated country.
12. Departmental Data Access for Global Teams¶
- Scenario: A global team head queries for operational data.
- Outcome: Access is granted only to data tagged for their specific operational region, like Operations - Europe
These use cases provide practical examples of how Dynamic Content Filter in VectorDB can be utilized in various scenarios, demonstrating its versatility and effectiveness in managing data access and ensuring compliance.
You can also refer to more detailed use cases in the VectorDB Use Cases section.
Utilizing Dynamic Content Filter¶
To secure your VectorDB effectively:
-
Review Access Requirements: Understand the access control needs for your data.
-
Implement Appropriate Tagging: Ensure data is correctly tagged with relevant access permissions.
-
Configure Policies: Set up policies in PAIG as per your organization's requirements.
-
Monitor and Update: Regularly review and update your access control settings to align with any changes in your data or organizational policies.
What Next?
-
Read More