Governance‑First: Policy Before Retrieval
Most RAG pipelines are still built the old way: retrieve broadly → filter → hope nothing leaks.
That pattern is convenient, but in multi‑tenant or regulated workloads it is structurally unsafe. Once unauthorised content has reached the candidate set and the model, you have already lost the guarantee.
TenantSage flips the pattern: role, tenant scope, and legal‑hold rules are applied before retrieval, so restricted content never reaches the ranking step and never touches the model.
Why Post‑Filtering Fails in Multi‑Tenant RAG
When filtering only happens after semantic retrieval, several predictable risks emerge:
• Permission drift
Embedding chunks don’t automatically update when source permissions change.
• Cross‑tenant leakage
Similarity search doesn’t respect tenant boundaries unless enforced upfront.
• Legal‑hold exposure
Restricted documents can still enter the candidate set before filtering removes them.
• Weak auditability
You can’t reliably prove why the model was allowed to see a given document.
If you can’t prove it, you can’t certify it — which is a nonstarter for regulated workloads.
The Shift: The Database Enforces Governance (Not the LLM)
TenantSage pushes governance into the retrieval layer itself:
• Identity‑derived scoping
Tenant + role pulled directly from the auth token.
• Policy predicates applied before ranking
Only authorized content is even considered during retrieval.
• Deterministic audit logs
Every retrieval decision becomes explainable and reproducible.
This moves safety from “application‑layer hopes and prayers” to data‑layer guarantees.
Real-Time Inheritance: No More Chunk-Level Permissions
A key design choice: chunks don’t carry their own authorization state.
Instead:
• Each chunk inherits visibility from its parent document at query time.
• When the document’s policy changes, the retrieval view updates instantly.
• No re‑indexing and no permission drift.
This eliminates the classic “embedding index is out of sync with ACLs” problem.
High‑Level Retrieval Path
- Authenticate: derive tenant, role, and policy context from the identity token.
- Governed retrieval: similarity search and policy rules execute in a single governed path, with
  • tenant scoping
  • role‑based access
  • retention and legal‑hold predicates
  all applied before ranking.
- Generate: the LLM only receives prompts assembled from the authorized set.
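The three steps above, the query‑time inheritance described under "Real‑Time Inheritance", and the post‑filtering failure modes listed earlier, shown together as an added example. This is illustrative code written for this article, not TenantSage's own implementation: the document/chunk schema, the role ranking, the HMAC token stand‑in for a real identity provider, and the sample corpus are all constructed assumptions. It contrasts retrieve‑then‑filter (which lets cross‑tenant and admin‑only chunks into the top‑k before anything is dropped) with a governed path where the predicates narrow the candidate set before ranking, chunks inherit visibility from their parent document at query time, and every decision yields a deterministic audit record.

```python
import base64
import hashlib
import hmac
import json
import math
from dataclasses import dataclass

# Constructed sample data (hypothetical schema). Chunks carry only a doc_id and
# an embedding; all authorization state lives on the parent document.
SAMPLE_DOCS = {
    "d1": {"tenant": "acme",   "min_role": "staff", "legal_hold": False, "retained": True},
    "d2": {"tenant": "acme",   "min_role": "admin", "legal_hold": False, "retained": True},
    "d3": {"tenant": "globex", "min_role": "staff", "legal_hold": False, "retained": True},
    "d4": {"tenant": "acme",   "min_role": "staff", "legal_hold": True,  "retained": True},
    "d5": {"tenant": "acme",   "min_role": "staff", "legal_hold": False, "retained": False},
}
SAMPLE_CHUNKS = [  # (chunk_id, parent doc_id, toy 3-d embedding)
    ("c1", "d1", (1.0, 0.1, 0.0)),
    ("c2", "d2", (0.9, 0.3, 0.0)),
    ("c3", "d3", (0.95, 0.2, 0.05)),
    ("c4", "d4", (0.85, 0.4, 0.1)),
    ("c5", "d5", (0.8, 0.5, 0.1)),
    ("c6", "d1", (0.0, 1.0, 0.0)),
]
ROLE_RANK = {"staff": 1, "admin": 2}            # assumed role hierarchy
SIGNING_KEY = b"demo-key-not-for-production"    # constructed demo key


@dataclass(frozen=True)
class PolicyContext:
    tenant: str
    role: str


def issue_token(tenant: str, role: str) -> str:
    """Minimal HMAC-signed token; stand-in for a JWT from a real IdP."""
    body = base64.urlsafe_b64encode(json.dumps({"tenant": tenant, "role": role}).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"


def authenticate(token: str) -> PolicyContext:
    """Step 1: verify the signature, then derive tenant + role from the claims."""
    body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad token signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    return PolicyContext(tenant=claims["tenant"], role=claims["role"])


def cosine(a, b) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


class GovernedStore:
    def __init__(self, docs, chunks):
        self.docs = {k: dict(v) for k, v in docs.items()}  # source-of-truth policy
        self.chunks = list(chunks)

    def set_policy(self, doc_id: str, **changes) -> None:
        """Policy changes on the document only; chunks are never re-indexed."""
        self.docs[doc_id].update(changes)

    def visible(self, doc_id: str, ctx: PolicyContext) -> bool:
        """Policy predicate, evaluated against the parent document at query time."""
        doc = self.docs[doc_id]
        return (doc["tenant"] == ctx.tenant
                and ROLE_RANK[ctx.role] >= ROLE_RANK[doc["min_role"]]
                and doc["retained"]
                and not doc["legal_hold"])

    def governed_retrieve(self, query, ctx: PolicyContext, k: int):
        """Step 2: predicates narrow the candidate set *before* ranking."""
        candidates = [c for c in self.chunks if self.visible(c[1], ctx)]
        ranked = sorted(candidates, key=lambda c: -cosine(query, c[2]))[:k]
        result = [cid for cid, _, _ in ranked]
        record = {"tenant": ctx.tenant, "role": ctx.role, "k": k,
                  "candidates": sorted(cid for cid, _, _ in candidates), "result": result}
        # Deterministic audit id: same context + same policy state -> same id.
        record["decision_id"] = hashlib.sha256(
            json.dumps(record, sort_keys=True).encode()).hexdigest()[:16]
        return result, record

    def postfilter_retrieve(self, query, ctx: PolicyContext, k: int):
        """The old pattern: rank everything, then drop what the caller may not see."""
        ranked = sorted(self.chunks, key=lambda c: -cosine(query, c[2]))[:k]
        kept = [cid for cid, did, _ in ranked if self.visible(did, ctx)]
        leaked = [cid for cid, did, _ in ranked if not self.visible(did, ctx)]
        return kept, leaked  # 'leaked' chunks were already in the candidate set


if __name__ == "__main__":
    store = GovernedStore(SAMPLE_DOCS, SAMPLE_CHUNKS)
    ctx = authenticate(issue_token("acme", "staff"))
    print("post-filter:", store.postfilter_retrieve((1.0, 0.0, 0.0), ctx, 3))
    print("governed:   ", store.governed_retrieve((1.0, 0.0, 0.0), ctx, 3))
```

With the constructed corpus, a staff user in tenant acme asking for the top 3 under the old pattern gets a candidate set containing a globex chunk and an admin‑only chunk, and ends up with a single chunk after filtering; the governed path ranks only the two chunks that user may see, returns nothing at all for a tenant with no documents, and picks up a document's relaxed role or lifted legal hold on the next query with no re‑indexing. Step 3 is then just prompt assembly from `result`.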
What This Enables
• Pre‑retrieval policy enforcement
No more “retrieve then panic‑filter.”
• Strong Family‑Tenant isolation
Cross‑tenant retrieval returns zero results by design.
• Legal‑hold quarantine
Held documents stay stored but never retrievable.
• No permission drift
Authorization always reflects source‑of‑truth policies.
• Audit‑ready behavior
Deterministic logs ensure compliance and traceability.
Family‑Tenant is TenantSage’s canonical multi‑tenant architecture pattern (Family → Child).
Related repositories
TenantSage core: https://github.com/arty-hospitality/TenantSag_Canonical