# Retrieval Access Control and Permission Filtering
Status: public
Confidence: medium (0.725) (verified)
Last verified: 2026-06-02
Generation: ai_structured


## TL;DR

Retrieval access control prevents RAG systems from returning documents, chunks, fields, or citations that the current user is not allowed to see.

## Core Explanation

RAG systems often index private documents from many tenants, teams, repositories, or data sources. The retriever must carry access metadata and enforce permission filters at query time, not after the model has already seen restricted context.

Agents should treat permission filtering as part of retrieval correctness. A result is not citation-ready just because it is semantically relevant; it also has to be authorized for the current principal.

## Source-Mapped Facts

- Azure AI Search documentation says document-level access control can restrict search results to documents a user is allowed to access. ([source](https://learn.microsoft.com/en-us/azure/search/search-document-level-access-overview))
- Pinecone metadata filtering documentation says filters can limit search results based on metadata fields. ([source](https://docs.pinecone.io/guides/search/filter-by-metadata))
- Elastic documentation describes document-level and field-level security as ways to restrict which documents and fields users can access. ([source](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level))

## Further Reading

- [Azure AI Search Document-Level Access Control](https://learn.microsoft.com/en-us/azure/search/search-document-level-access-overview)
- [Pinecone Filter by Metadata](https://docs.pinecone.io/guides/search/filter-by-metadata)
- [Elastic Document and Field Level Security](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level)