Authorize RAG retrieval with Cerbos dynamic filters

Enforce document-level access control on vector store retrieval by translating Cerbos policy decisions into dynamic metadata filters.

Document-level access control

Enforce per-document authorization on vector search results using Cerbos policies and metadata filters

Dynamic retrieval filters

Translate Cerbos query plans into vector store metadata filters at retrieval time, based on the requesting user's context

Store-agnostic

Works with any vector store that supports metadata filtering, including Pinecone, ChromaDB, Weaviate, and Qdrant

How Cerbos works with RAG (Retrieval-Augmented Generation)

AI agents and tools introduce a new class of authorization challenges. They act on behalf of users, access sensitive data, and chain operations, all of which need fine-grained access control.

Cerbos provides policy-driven authorization that controls what AI systems can do, which data they can access, and on whose behalf. Policies are written in human-readable YAML and evaluated at request time.

With Cerbos and RAG (Retrieval-Augmented Generation), you get guardrails that scale with your AI adoption, centrally managed policies, full audit trails, and sub-millisecond decision times that don't slow down agent workflows.

How Cerbos secures RAG retrieval

  1. Define document access policies in YAML: Write resource policies that describe who can access which documents, using roles, attributes, and metadata.
  2. Request a query plan from Cerbos: Your application calls the PlanResources API with the user's context, and Cerbos returns an abstract query plan.
  3. Convert the plan into vector store metadata filters: Map the Cerbos query plan to your vector store's native filter format so authorization is enforced at the retrieval layer.
  4. Vector store returns only authorized documents: Similarity search executes with authorization filters applied; no post-retrieval filtering is required.
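
A sketch of step 3, added here as an illustration and not taken from Cerbos's own code: it maps a query plan filter to the `$and`/`$or`/`$eq`/`$ne`/`$in` metadata operators used by stores such as Pinecone and ChromaDB, and denies retrieval when any part of the plan cannot be translated. The plan's field layout (`kind`, `condition`, `expression`, `operator`, `operands`), the `request.resource.attr.` variable prefix, and the `department` and `classification` attributes are assumptions made for this example.

```python
ATTR_PREFIX = "request.resource.attr."
LEAF_OPS = {"eq": "$eq", "ne": "$ne", "in": "$in"}
BOOL_OPS = {"and": "$and", "or": "$or"}

# Constructed sample; field layout is assumed to match a PlanResources filter.
SAMPLE_PLAN = {"kind": "KIND_CONDITIONAL", "condition": {"expression": {
    "operator": "and", "operands": [
        {"expression": {"operator": "eq", "operands": [
            {"variable": ATTR_PREFIX + "department"}, {"value": "finance"}]}},
        {"expression": {"operator": "in", "operands": [
            {"variable": ATTR_PREFIX + "classification"},
            {"value": ["public", "internal"]}]}}]}}}

class UnsupportedPlan(Exception):
    """The plan uses something this translator cannot express as a filter."""

def _translate(node):
    expr = node["expression"]
    op, operands = expr["operator"], expr["operands"]
    if op in BOOL_OPS and operands:
        return {BOOL_OPS[op]: [_translate(o) for o in operands]}
    if op in LEAF_OPS and len(operands) == 2:
        var, val = operands[0].get("variable"), operands[1]
        if isinstance(var, str) and var.startswith(ATTR_PREFIX) and "value" in val:
            if op != "in" or isinstance(val["value"], list):
                return {var[len(ATTR_PREFIX):]: {LEAF_OPS[op]: val["value"]}}
    raise UnsupportedPlan(f"cannot translate operator {op!r}")

def plan_to_filter(plan_filter):
    """Return (allowed, metadata_filter); allowed=False means skip the search."""
    kind = plan_filter.get("kind")
    if kind == "KIND_ALWAYS_ALLOWED":
        return True, None          # no restriction: search without a filter
    if kind == "KIND_CONDITIONAL":
        try:
            return True, _translate(plan_filter["condition"])
        except (UnsupportedPlan, KeyError, TypeError, AttributeError):
            return False, None     # fail closed rather than drop a condition
    return False, None             # KIND_ALWAYS_DENIED or unrecognised kind

if __name__ == "__main__":
    print(plan_to_filter(SAMPLE_PLAN))
```

When `allowed` is false the application should not query the vector store at all; silently omitting an untranslatable condition from an `and` would widen what the user can retrieve.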

FAQ

How does Cerbos filter RAG retrieval results?

Cerbos evaluates your authorization policies and produces a query plan. Your application converts that plan into metadata filters for your vector store, so similarity search only returns documents the user is authorized to access.

Which vector stores does this work with?

Cerbos query plans are vector-store agnostic. You translate the plan into whatever metadata filter format your store supports, including Pinecone, ChromaDB, Weaviate, Qdrant, and others.

Does this replace application-level authorization?

No. Data-level filtering complements API-level checks. The same Cerbos policies that control endpoint access also determine which documents are visible during retrieval.

Cerbos + RAG (Retrieval-Augmented Generation)

  • Cerbos policies govern AI agent tool access and data visibility
  • Full audit trail for every AI tool call and data access
  • Per-user permissions enforced across autonomous agent workflows
  • Sub-millisecond policy evaluation with no agent pipeline overhead

What is Cerbos?

Cerbos is end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege and maintain full visibility into access decisions with Cerbos authorization.