NEW

Start with the pressure: sales, launch, abuse, agents, data, or guardrails

Use the engagement router
aisecurityllc
Sign inStart AI Security Assessment
aisecurityllc
Start AI Security Assessment
Deliverablesdeliverable
deliverable
public-sample

RAG Authorization Review

An evidence pack for retrieval ACLs, source authorization, chunking, indexing, reranking, and prompt-assembly authorization.

12-24 pages
Scope AI Product Security AssessmentScope AI Security Sales EnablementScope Secure Ai Product Launch
Client deliverable
public-sample
12-24 pages

Synthetic public-safe authorization review for retrieval-augmented generation, covering source eligibility, ACL inheritance, chunk metadata, indexing, retrieval filters, reranking, prompt assembly, and evidence.

System
Northstar Support Cloud / Customer Support Copilot
Environment
Production pilot

# RAG Authorization Review

Sample Deliverable

Executive Summary

This review examines whether retrieval preserves authorization all the way from source system permissions to the generated answer. It covers source ACLs, index eligibility, chunk metadata, retrieval filters, reranking, prompt assembly, answer generation, and trace evidence.

The conclusion is intentionally strict: retrieval authorization is not proven until negative tests show that unauthorized content cannot be retrieved, reranked, assembled into the prompt, summarized in an answer, or hidden inside an untraceable model response.

Heads up

Public sample notice

This is a shortened, synthetic excerpt prepared as a public sample. A client version would include system-specific evidence, implementation references, architecture screenshots, control test results, owner sign-offs, and full supporting documentation. This sample uses Northstar Support Cloud / Customer Support Copilot as the synthetic reference system. This sample is not legal advice, not a compliance certification, not an audit opinion, not a warranty, and not proof that any unreviewed system is secure.
Decision · blocked

RAG authorization decision

Do not expand retrieval source coverage until chunk metadata, reranker constraints, prompt assembly, and trace evidence are validated.

Metrics

RAG Authorization Snapshot

Authorization stages
8
Critical findings
2
High findings
2
Source classes reviewed
4
Required evidence artifacts
7
Note

Retrieval authorization must survive transformation

The source system may have good permissions. That is not enough. Authorization has to survive indexing, chunking, embedding, retrieval, reranking, prompt assembly, generation, and audit reconstruction.

Authorization path

Control map

RAG Authorization Path

The authorization path shows the control chain from source system ACLs to generated answer and trace evidence.

Synthetic public-safe authorization review for retrieval-augmented generation, covering source eligibility, ACL inheritance, chunk metadata, indexing, retrieval filters, reranking, prompt assembly, and evidence.
Data unavailable
content/deliverables/data/rag-authorization-review.json
No controls array found.

Authorization path review

StageOwnerStatusEvidence
Source system ACLApplication EngineeringImplementedsource-acl-review
Index eligibilitySearch PlatformPartialindexing-policy-review
Chunk inheritanceSearch PlatformPartialchunk-metadata-test
Retrieval filteringSearch PlatformPartialrag-authz-test-plan
Reranker constraintsAI Platform EngineeringPlannedreranker-safety-test-backlog
Prompt assemblyAI Platform EngineeringPartialprompt-assembly-review
Answer generationAI Platform EngineeringPartialrag-negative-test-results
Trace evidenceSecurity EngineeringPartialai-trace-schema

Source classes

Source class authorization requirements

Source classSensitivityIndex eligibilityAuthorization requirement
Public knowledge baseLowallowedpublic source trust label
Tenant support casesHighallowed with tenant and source ACL metadatatenant, user, and case visibility filters
Internal runbooksMediumallowed with employee role filtersrole-based source access
Security investigation notesCriticalblocked unless explicitly approvedsecurity-only access and separate review

Findings

Findings

RAG Authorization Findings

Finding · critical

Chunk metadata does not yet prove full ACL inheritance

Evidence: chunk-metadata-test

Chunks retain some source metadata, but the evidence does not yet prove tenant, source ACL, sensitivity, freshness, and source trust labels survive every indexing path.

Heads up

Impact

If chunk metadata is incomplete, the system may correctly protect the source document while leaking a derived chunk.
Finding · high

Reranker constraints are not proven

Evidence: reranker-safety-test-backlog

The review does not yet show whether the reranker only receives authorized chunks or enforces equivalent authorization constraints.

Finding · critical

Prompt assembly needs authorization evidence

Evidence: prompt-assembly-review

Prompt assembly is the final point before the model sees retrieved context. Evidence must show that unauthorized chunks cannot enter the prompt envelope.

Finding · high

Trace evidence is not yet enough for retrieval incident reconstruction

Evidence: ai-trace-schema

The trace schema should show retrieved chunk ids, source ids, authorization decisions, filter state, reranker decisions, and prompt assembly references.

Required evidence

Required RAG authorization evidence

EvidenceOwnerStatus
Source ACL ReviewApplication EngineeringAvailable
Indexing Policy ReviewSearch PlatformPartial
Chunk Metadata TestSearch PlatformPartial
RAG Authorization Test PlanProduct SecurityPartial
Reranker Safety TestAI Platform EngineeringPlanned
Prompt Assembly ReviewAI Platform EngineeringPartial
AI Trace SchemaSecurity EngineeringImplemented with gap

Required remediation

Checklist

Required remediation before retrieval expansion

Prove source ACL metadata is preserved or enforced during indexing.
Prove every chunk inherits tenant, source, sensitivity, freshness, and trust labels.
Apply authorization filters before retrieval candidates can be returned.
Prove reranking cannot restore unauthorized or disallowed chunks.
Prove prompt assembly includes only authorized chunks.
Log retrieval decisions and chunk references in AI traces.
Run negative tests for cross-tenant and restricted-source retrieval.
Decision · blocked

Retrieval source expansion decision

Block new sensitive retrieval sources until end-to-end authorization negative tests and trace reconstruction are complete.

Related artifacts

Artifact

Related artifact: RAG Security Test Plan

The test plan validates the controls reviewed here.

/deliverables/rag-security-test-plan
Artifact

Related artifact: AI Architecture Review

The architecture review places the retrieval boundary in the broader AI product architecture.

/deliverables/ai-architecture-review
Artifact

Related artifact: Enterprise AI Security Evidence Pack

The evidence pack uses this review to answer enterprise buyer questions about AI data access.

/deliverables/enterprise-ai-security-evidence-pack