A rag data access control method and system based on metadata filtering

By designing the association between metadata tags and user permission tags, RAG data access control was implemented, ensuring that the content generated by the large model only includes data that the current user has permission to access, thus solving the risk of enterprise private data leakage and improving the security of access control.

CN122174266APending Publication Date: 2026-06-09NAT IND INFORMATION SECURITY DEV RES CENT

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NAT IND INFORMATION SECURITY DEV RES CENT
Filing Date
2026-03-02
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In the application of RAG technology, enterprises face the problem that the content generated by large models exceeds the scope of user permissions, leading to the risk of leakage and abuse of enterprise private data. Existing technologies have failed to effectively solve the problem of user permission access control for RAG data.

Method used

Design metadata tags, including enterprise private data characteristic tags and user identity and permission tags, formulate RAG data access control policies, associate and verify data in the vector database, and filter metadata by passing user permission information through the large model front-end application to ensure that the generated content only includes data that the current user has permission to access.

Benefits of technology

By using metadata filtering technology, a closed-loop control system for RAG data permissions is built to prevent unauthorized referencing or fabrication of data in large model-generated content, thereby improving the security of enterprise private data access control.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122174266A_ABST
    Figure CN122174266A_ABST
Patent Text Reader

Abstract

The application discloses a RAG data access control method and system based on metadata filtering, and relates to the field of artificial intelligence application data access. The method designs a metadata label, formulates a RAG data access control strategy based on the metadata label, thereby associating enterprise private data and the metadata label in a vector database, and performing compliance verification on the association result; when a user initiates a task request using a large model front-end application, the current user identity permission information is parsed into a metadata filtering condition; RAG data retrieval filtering is performed according to the metadata filtering condition, and after the large model front-end application generates content based on the filtered RAG data set, if it is verified that the generated content is completely derived from the filtered RAG data set, the generated content is allowed to be output to the current user. The application can ensure that the large model generated content only includes data that the current user has permission to access, thereby improving the security of enterprise private data access control.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data access in artificial intelligence applications, and in particular to a method and system for RAG data access control based on metadata filtering. Background Technology

[0002] Retrieval Augmented Generation (RAG) is an artificial intelligence technique that combines information retrieval and text generation. It eliminates the need to retrain large models by dynamically retrieving external knowledge bases before generating content, providing more evidence-based and fact-dependent information and improving the accuracy, timeliness, and interpretability of content generated by large models. Its core logic is to enable models to not only rely on static knowledge in pre-trained parameters but also to explicitly and in real-time reference external data, addressing the problems of knowledge acquisition, content reliability, and domain adaptability in general-purpose pre-trained large models.

[0003] When using RAG technology, vector databases offer efficient storage and retrieval capabilities for massive and complex unstructured data, such as large amounts of text reports, web page content, and patent papers. Vectors encode the semantic information of text into numerical vectors, making semantically similar texts appear closer together in the vector space. Through vector retrieval, document fragments semantically related to the query can be found quickly.

[0004] Current technologies commonly use pre-trained large models to learn from publicly available data. If an enterprise needs to apply the model to a specific domain to solve specific problems, it needs to use RAG (Real Data Aggregator) technology to integrate its private data accumulated in that domain (such as internal documents, case studies, and knowledge bases) into the large model. However, during the application of large models, enterprises face the problem of the generated content exceeding user access permissions. For example, if access control is not implemented based on the security level of the enterprise's private data, high-security private data may be output to unauthorized users, leading to the risk of private data leakage and misuse.

[0005] Therefore, in the application of RAG technology, how to control access to RAG data used by large models based on user permissions, so as to ensure that the content generated by large models only includes data that the current user has permission to access, is a technical problem that urgently needs to be solved. Summary of the Invention

[0006] The purpose of this application is to provide a RAG data access control method and system based on metadata filtering, which can ensure that the content generated by the large model only includes data that the current user has permission to access, thereby improving the security of enterprise private data access control.

[0007] To achieve the above objectives, this application provides the following solution: Firstly, this application provides a RAG data access control method based on metadata filtering, including: Design metadata tags; the metadata tags include enterprise private data characteristic tags and user identity and permission tags; Develop RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags; According to the RAG data access control policy, associate enterprise private data and metadata tags in the vector database; Perform compliance verification on the association results of enterprise private data and metadata tags in the vector database; Once compliance verification is passed, the enterprise's private data and metadata tags will be packaged and stored in the vector database; When a user initiates a task request using the large model front-end application, the current user's identity and permission information is passed through the large model front-end application, and the current user's identity and permission information is parsed into metadata filtering conditions. RAG data retrieval and filtering are performed based on the metadata filtering conditions. The filtered RAG dataset is obtained from the vector database and fed back to the large model front-end application. After generating content based on the filtered RAG dataset in the front end of the large model, verify whether the generated content is entirely derived from the filtered RAG dataset. If the generated content passes validation, it is allowed to be output to the current user; otherwise, the large model front-end application is controlled to regenerate the content.

[0008] Optionally, the enterprise private data characteristic tags include: data source, data type, applicable department, applicable job role, entry time, data security level, and data security level validity period; The user identity and permission tags include: department, job role, and user security level.

[0009] Optionally, the RAG data access control policy includes: the association between enterprise private data characteristic tags and user identity permission tags, and the scope of enterprise private data accessed by users with different identity permissions.

[0010] Optionally, if the compliance check fails, an alert can be issued, the RAG data access control policy can be revised, and the enterprise's private data and metadata tags can be re-associated.

[0011] Optionally, the RAG data retrieval filtering includes two stages: metadata filtering and semantic retrieval. In the metadata filtering stage: Based on the metadata filtering conditions, select RAG candidate datasets that meet the permissions from the vector database; In the semantic retrieval stage: vector semantic retrieval is performed on the RAG candidate dataset, the similarity between the task request and the RAG data in the RAG candidate dataset is calculated, RAG data with similarity greater than the similarity threshold is retained, and the filtered RAG dataset that the current user has permission to access is obtained.

[0012] Optionally, verify whether the generated content is entirely derived from the filtered RAG dataset, specifically including: Analyze the keywords and semantics in the generated content; Extract keywords from the content generated by the front-end application of the large model and compare them with the parsed keywords to check for the existence of unauthorized keywords; Calculate the semantic similarity between the content generated by the front-end application of the large model and the parsed content, and check for the existence of unauthorized RAG data; If the check finds unauthorized keywords or unauthorized RAG data, the generated content will fail the verification. If no unauthorized keywords or unauthorized RAG data are found during the check, the verification passes.

[0013] Secondly, this application provides a RAG data access control system based on metadata filtering, comprising: The metadata tag management module is used to design metadata tags; the metadata tags include enterprise private data characteristic tags and user identity and permission tags; The user identity and permission policy management module is used to formulate RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags. The metadata tag association management module is used to associate enterprise private data and metadata tags in the vector database according to the RAG data access control policy; to perform compliance verification on the association results of enterprise private data and metadata tags in the vector database; and to package and store the enterprise private data and metadata tags into the vector database when the compliance verification is passed. The RAG data retrieval and filtering module is used to process the current user's identity and permission information when a user initiates a task request through the large model front-end application, and to parse the current user's identity and permission information into metadata filtering conditions; to perform RAG data retrieval and filtering according to the metadata filtering conditions, to obtain the filtered RAG dataset from the vector database, and to feed it back to the large model front-end application. The large model generated content verification module is used to verify whether the generated content is completely derived from the filtered RAG dataset after the large model front-end application generates content based on the filtered RAG dataset. If the generated content passes the verification, the generated content is allowed to be output to the current user; otherwise, the large model front-end application is controlled to regenerate the content.

[0014] Optionally, the metadata tag management module includes: a tag group management submodule and a tag group category extension submodule; The tag group management submodule supports the management of enterprise private data characteristic tags and user identity and permission tags; The tag group category extension submodule supports the expansion of tag categories and tag content.

[0015] Optionally, the user identity and permission policy management module includes: a RAG data access control policy definition submodule and a RAG data access control policy maintenance submodule; The RAG data access control policy definition submodule supports the definition of RAG data access control policies. The RAG data access control policy maintenance submodule supports the creation, modification, enabling, disabling, and version iteration of RAG data access control policies. It also forces the RAG data access control policies to be strongly synchronized and updated when metadata tags are expanded.

[0016] Optionally, the metadata tag association management module includes: a metadata tag association submodule, a metadata tag association result verification submodule, a RAG data storage and update submodule, and a RAG data indexing submodule; The metadata tag association submodule supports metadata tag association. The metadata tag association result verification submodule supports pre-built, custom design, and expansion of the metadata tag association result verification rule library. Before RAG data is stored in the vector database, the verification process is automatically triggered. Based on the preset metadata tag association result verification rules, the association results of RAG data and metadata tags in the vector database are verified for compliance. If the verification fails, an error message is returned and storage is blocked. Only data that passes the verification is allowed to enter the vector database, ensuring that the association results of RAG data and metadata tags comply with the enterprise's private data access control security requirements. The RAG data storage and update submodule is used to package and store enterprise private data, embedded vectors, and metadata tags into the vector database after the metadata tag association result verification is passed. It also supports RAG data reading, writing, updating, modifying, and deleting. The RAG data indexing submodule is used to build an index for metadata tags of enterprise private data.

[0017] According to the specific embodiments provided in this application, this application has the following technical effects: This application provides a RAG data access control method and system based on metadata filtering. Using metadata filtering technology as its core, it constructs a closed-loop RAG data permission control system, including metadata tag design, user identity and permission mapping, metadata tag association, RAG data retrieval filtering, and large model generated content verification. By designing multi-dimensional metadata tags, it formulates RAG data access control strategies based on the characteristics of enterprise private data and user identity and permissions. During the construction of a vector database using RAG technology, RAG data and metadata tags are associated. When a user uses the large model, the current user's identity and permission information passed from the front-end application is used to perform RAG data retrieval based on metadata filtering. The filtered data is then input into the large model's generated content, and the system verifies whether the generated content is entirely derived from the retrieved RAG data that the current user has permission to access. This prevents unauthorized referencing or fabricated data during the large model's content generation process, ensuring that the large model's generated content is entirely derived from the retrieved RAG data that the current user has permission to access, thus improving the security of enterprise private data access control. Attached Figure Description

[0018] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0019] Figure 1 A flowchart illustrating a RAG data access control method based on metadata filtering provided in this application embodiment; Figure 2 A simplified flowchart illustrating a RAG data access control method based on metadata filtering, provided for an embodiment of this application; Figure 3 A schematic diagram of the overall process of a RAG data access control method based on metadata filtering provided in this application embodiment; Figure 4 A schematic diagram of the architecture of a RAG data access control system based on metadata filtering provided in this application embodiment; Figure 5 This is an interactive schematic diagram of a RAG data access control system based on metadata filtering, provided as an embodiment of this application. Detailed Implementation

[0020] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0021] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0022] Chinese patent application CN119202339A, entitled "A Privacy-Preserving RAG Data Query Method, Apparatus, Device, and Medium," describes a technical solution as follows: obtaining a data query request from a querying party; retrieving target data from a database based on the query request; processing the target data using a model provider's large model according to a preset privacy protection method to obtain query results; the preset privacy protection method prevents the target data from being leaked to the model provider; and feeding back the query results to the querying party. This patent application's privacy-preserving RAG data query method primarily focuses on privacy-preserving data query scenarios. By processing the target data using a model provider's large model according to preset privacy protection methods (such as encryption and desensitization), it prevents the model provider (the manager, generator, or maintainer of the large model, etc.) from obtaining the original target data. The basic idea is that when using RAG technology to provide external data to a large model through database retrieval, the target data is retrieved from the database based on the query request provided by the querying party. The target data is then processed using the model provider's large model according to a preset privacy protection method to obtain query results, which are then fed back to the querying party so that the querying user can access the query results. The method described in this patent application can prevent the model provider from obtaining the original data in the database, thus enabling data querying while ensuring data privacy and security.

[0023] Although the aforementioned existing patents process the target data in a privacy-preserving manner to prevent the original target data from being leaked to the model provider, they do not solve the problem that after the original target data is used to build content for a large model, it is output beyond the scope of the large model to users who do not have the corresponding data access permissions.

[0024] In view of this, in an exemplary embodiment, such as Figure 1 As shown, a RAG data access control method based on metadata filtering is provided. This method is executed by a computer device, specifically by a computer device such as a terminal or server alone, or by both a terminal and a server. In this embodiment, it includes the following steps 101 to 109.

[0025] Step 101: Design metadata tags; the metadata tags include enterprise private data characteristic tags and user identity and permission tags.

[0026] Step 102: Develop RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags.

[0027] Step 103: According to the RAG data access control policy, associate enterprise private data and metadata tags in the vector database.

[0028] Step 104: Perform compliance verification on the association results of enterprise private data and metadata tags in the vector database.

[0029] Step 105: Once the compliance verification is passed, package the enterprise private data and metadata tags and store them in the vector database.

[0030] Step 106: When a user initiates a task request using the large model front-end application, the current user's identity and permission information is passed through the large model front-end application, and the current user's identity and permission information is parsed into metadata filtering conditions.

[0031] Step 107: Perform RAG data retrieval filtering based on the metadata filtering conditions, obtain the filtered RAG dataset from the vector database, and feed it back to the large model front-end application.

[0032] Step 108: After generating content based on the filtered RAG dataset in the front end of the large model, verify whether the generated content is entirely derived from the filtered RAG dataset.

[0033] Step 109: If the generated content passes the verification, allow the generated content to be output to the current user; otherwise, control the large model front-end application to regenerate the content.

[0034] A brief flowchart of the method in this application is as follows: Figure 2 As shown, the method includes five steps: metadata tag design (step 101), user identity and permission mapping (step 102), metadata tag association (steps 103-105), RAG data retrieval and filtering (steps 106-107), and large model generated content verification (step 108).

[0035] In another exemplary embodiment of this application, the metadata tag design is as follows: based on the characteristics of enterprise private data and the requirements for user identity and permission control, multi-dimensional metadata tags are designed to ensure that the metadata filtering dimensions are quantifiable and mappable.

[0036] Metadata tags include two basic categories: enterprise private data characteristic tags (groups) and user identity and permission tags (groups). Enterprise private data characteristic tags (groups) include tags such as data source, data type, applicable department, applicable job role, entry time, data security level, and data security level validity period. User identity and permission tags (groups) include tags such as department, job role, and user security level.

[0037] In addition to the two basic categories of enterprise private data characteristic tags (groups) and user identity and permission tags (groups), metadata tags allow enterprises to customize and expand other tag group categories according to their actual needs; the tag content under enterprise private data characteristic tags (groups) and user identity and permission tags (groups) can also be customized and expanded by enterprises according to their actual needs.

[0038] In another exemplary embodiment of this application, user identity and permission mapping is implemented: a RAG data access control policy is formulated based on the characteristics of enterprise private data and user identity and permissions, specifically defining the scope of enterprise private data that users with different identity and permissions can access.

[0039] The rule engine associates tags under enterprise private data tags (groups) with tags under user identity and permission tags (groups) to form RAG data access judgment rules, thereby obtaining RAG data access control policies. Furthermore, this application supports policy creation, modification, enabling / disabling, and version iteration, and mandates strong synchronization updates of the RAG data access control policies when metadata tags are expanded.

[0040] In another exemplary embodiment of this application, metadata tag association: when converting enterprise private data into a vector database applicable to RAG technology, RAG data, enterprise private data characteristic tags, and user identity and permission tags are associated in the vector database according to the established RAG data access control policy.

[0041] Construct a rule base for verifying the association results of metadata tags to perform compliance verification on the association results of RAG data and metadata tags in the vector library. When the verification passes, package the RAG data, embedded vectors, and metadata tags into the vector database, and build an index based on the metadata tags so that the RAG data in the vector database can be retrieved and categorized through the metadata tags. When the verification fails, issue an alarm and carry out revisions to the RAG data access control policy and re-associate the enterprise's private data and metadata tags.

[0042] The rules in the metadata tag association result verification rule library support enterprise-customized design and expansion. The association result verification rules include, but are not limited to, the security level of enterprise private data accessible to users being no lower than the user's security level, and the validity period of the enterprise private data security level being no earlier than the data entry time.

[0043] In another exemplary embodiment of this application, RAG data retrieval filtering is performed when a user initiates a task request (such as query, question answering, etc.) using the large model front-end application. The user's current identity and permission information is passed through the large model front-end application. The user's identity and permission information is parsed into metadata filtering conditions that can be recognized by the vector database. Based on the metadata filtering conditions, a two-stage retrieval of RAG data is performed. The RAG dataset obtained after filtering and retrieval is used as the data range that can be accessed when the large model generates content, and is fed back to the front-end large model application.

[0044] The two-stage retrieval of RAG data consists of two stages: metadata coarse filtering (or metadata filtering) and semantic fine retrieval (or semantic retrieval). In the first stage, metadata coarse filtering, the vector database first selects RAG candidate datasets that meet the permissions based on filtering conditions. In the second stage, semantic fine retrieval, vector semantic retrieval is performed on the filtered RAG candidate datasets to calculate the similarity between the user's task request and the RAG data. RAG data with similarity greater than the similarity threshold is retained to obtain the filtered RAG datasets that the current user has permission to access. In other words, the RAG datasets filtered in the two stages are finally determined as the data range that can be accessed when generating content for large models.

[0045] In another exemplary embodiment of this application, the content generated by the large model is validated as follows: After the front-end large model application generates content, it uses keyword comparison and semantic association methods to validate whether the generated content is entirely derived from the filtered RAG dataset that the current user has permission to access. The content validation result is then fed back to the front-end large model application. If the validation passes, the content generated by the large model is allowed to be output to the current user; if the validation fails, an alarm is triggered and the large model is required to regenerate the content to prevent the large model from unauthorized referencing or fabricating data during the generation process. Therefore, step 107, "validating whether the generated content is entirely derived from the filtered RAG dataset," can be replaced by steps 201 to 205.

[0046] Step 201: Analyze the keywords and semantics in the generated content.

[0047] Step 202: Extract keywords from the content generated by the front-end application of the large model and compare them with the parsed keywords to check for the existence of unauthorized keywords.

[0048] Step 203: Calculate the semantic similarity between the content generated by the front-end application of the large model and the parsed content, and check for the existence of unauthorized RAG data.

[0049] Step 204: If the check finds unauthorized keywords or unauthorized RAG data, the generated content verification will fail.

[0050] Step 205: If no unauthorized keywords or unauthorized RAG data are found during the check, the verification passes.

[0051] Figure 3 The overall flow of the method in this application is shown below: (1) Metadata tag design: Based on the characteristics of enterprise private data and the needs of user identity and permission control, multi-dimensional metadata tags are designed to ensure that the metadata filtering dimensions are quantifiable and mappable.

[0052] (2) User identity and permission mapping: Based on the characteristics of enterprise private data and user identity and permissions, formulate RAG data access control policies to specifically define the scope of enterprise private data that users with different identity and permissions can access.

[0053] (3) Metadata tag association: Based on the established RAG data access control policy, RAG data, enterprise private data characteristic tags and user identity and permission tags are associated in the vector database.

[0054] (4) Validation of metadata tag association results: Build a rule base for validating metadata tag association results and perform compliance verification on the association results of RAG data and metadata tags in the vector library.

[0055] (5) When the verification passes, the RAG data, embedded vectors, and metadata tags are packaged and stored in the vector database, and an index is built based on the metadata tags; when the verification fails, an alarm is triggered and the RAG data access control policy is revised and the metadata tags are re-associated.

[0056] (6) When a user initiates a task request (such as query, question answering, etc.) using the large model front-end application, the current user identity and permission information is passed through the large model front-end application, and the user identity and permission information is parsed into metadata filtering conditions that can be recognized by the vector database.

[0057] (7) Perform a two-stage retrieval of RAG data based on metadata filtering conditions, and use the RAG dataset obtained after filtering retrieval as the data range that can be accessed when generating content for the large model, and feed it back to the front-end large model application.

[0058] (8) The large model front-end application generates content based on the filtered RAG dataset.

[0059] (9) Use keyword comparison and semantic association methods to verify the content generated by the large model. Verify whether the generated content is completely derived from the RAG dataset that the current user has permission to access after filtering. Feed back the content verification results to the front-end large model application.

[0060] (10) When the verification passes, the content generated by the large model is allowed to be output to the current user; when the verification fails, an alarm is triggered and the large model is required to regenerate the content.

[0061] This application uses metadata filtering technology as its core to construct a closed-loop control system for RAG data permissions, including metadata tag design, user identity and permission mapping, metadata tag association, RAG data retrieval filtering, and large model generated content verification. It designs multi-dimensional metadata tags and formulates RAG data access control strategies based on the characteristics of enterprise private data and user identity and permissions. During the construction of a vector database using RAG technology, RAG data and metadata tags are associated. When a user uses the large model, the current user's identity and permission information passed from the front-end application is used to perform a two-stage RAG data retrieval based on metadata filtering. The filtered data is then input into the large model to generate content, and the generated content is verified to ensure that it is entirely derived from the retrieved RAG data that the current user has permission to access, preventing unauthorized referencing or fabricated data during the large model's content generation process.

[0062] Based on the same inventive concept, this application also provides a system for implementing the methods described above. The solution provided by this system is similar to the solution described in the methods above; therefore, specific limitations in one or more system embodiments provided below can be found in the limitations of the methods described above, and will not be repeated here.

[0063] In one exemplary embodiment, such as Figure 4 As shown, a RAG data access control system based on metadata filtering is provided, including: a metadata tag management module, a user identity and permission policy management module, a metadata tag association management module, a RAG data retrieval and filtering module, and a large model generation content verification module.

[0064] The metadata tag management module is used to design metadata tags; the metadata tags include enterprise private data characteristic tags and user identity and permission tags.

[0065] The user identity and permission policy management module is used to formulate RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags.

[0066] The metadata tag association management module is used to associate enterprise private data and metadata tags in the vector database according to the RAG data access control policy; to perform compliance verification on the association results of enterprise private data and metadata tags in the vector database; and to package and store the enterprise private data and metadata tags into the vector database when the compliance verification is passed.

[0067] The RAG data retrieval and filtering module is used to process the current user's identity and permission information when a user initiates a task request through the large model front-end application. This information is then parsed into metadata filtering conditions. Based on these metadata filtering conditions, the module performs RAG data retrieval and filtering, obtains the filtered RAG dataset from the vector database, and feeds it back to the large model front-end application.

[0068] The large model generated content verification module is used to verify whether the generated content is completely derived from the filtered RAG dataset after the large model front-end application generates content based on the filtered RAG dataset. If the generated content passes the verification, the generated content is allowed to be output to the current user; otherwise, the large model front-end application is controlled to regenerate the content.

[0069] The following is a detailed introduction to each module.

[0070] (1) Metadata Tag Management Module: Provides standardized metadata tag management functions for the RAG data access control system based on metadata filtering, enabling the design, expansion, and maintenance of multi-dimensional metadata tags. It includes two sub-modules: tag group management and tag group category expansion.

[0071] The tag group management submodule supports the management of enterprise private data characteristic tag groups, maintaining the definition and value range of tags such as data source, data type, applicable department, applicable job role, entry time, data security level, and data security level validity period; it also supports the management of identity and permission tag groups, maintaining the definition and value range of tags such as user department, job role, and user security level; and it supports metadata tag version management.

[0072] The tag group category extension submodule supports the extension of metadata tag groups, allowing enterprises to customize and add new tag groups according to business needs; it also supports the extension of tag content under enterprise private data characteristic tag groups and user identity and permission tag groups, allowing enterprises to customize and add new tag content according to business needs.

[0073] (2) User Identity and Access Control Policy Management Module: This module provides RAG data access control policy management functionality for the metadata-based RAG data access control system. It allows for the formulation of RAG data access control policies based on enterprise private data characteristic tags and user identity and access control tags, defining the scope of enterprise private data that users with different identity and access permissions can access. It includes two sub-modules: RAG data access control policy definition and RAG data access control policy maintenance.

[0074] The RAG data access control policy definition submodule supports the definition of RAG data access control policies. It can associate tags under the enterprise private data tag group with tags under the user identity and permission tag group through the rule engine to form RAG data access judgment rules.

[0075] The RAG data access control policy maintenance submodule supports RAG data access control policy maintenance, including policy creation, modification, enabling / disabling, and version iteration. It also forces a strong synchronization update of the RAG data access control policy when metadata tags are expanded.

[0076] (3) Metadata Tag Association Management Module: During the conversion of enterprise private data into RAG vector data, this module completes the association of RAG data, enterprise private data characteristic tags, and user identity and permission tags, and supports the storage and indexing of the vector database. It includes four sub-modules: metadata tag association, metadata tag association result verification, RAG data storage and update, and RAG data indexing.

[0077] The metadata tag association submodule supports metadata tag association. When converting enterprise private data (such as internal documents, case studies, knowledge bases, etc.) into vectors, it automatically matches data characteristic tags according to the characteristics of enterprise private data, and associates RAG data, enterprise private data characteristic tags, and user identity and permission tags in the vector database according to the established RAG data access control policy.

[0078] The metadata tag association result verification submodule supports the management of metadata tag association result verification rules, supports the pre-built metadata tag association result verification rule library, supports the custom design and expansion of association result verification rules, and has built-in basic rules for association result verification, including but not limited to the security level of enterprise private data accessible to users being no lower than the user's security level, and the validity period of the enterprise private data security level being no earlier than the data entry time. It supports metadata tag association result verification, automatically triggering the verification process before RAG data is stored in the vector database. Based on the preset metadata tag association result verification rules, it performs compliance verification on the association results of RAG data and metadata tags in the vector database. When the verification fails, it returns an error message and blocks storage, allowing only data that passes the verification to enter the vector database, ensuring that the association results of RAG data and metadata tags comply with the security requirements for enterprise private data access control.

[0079] The RAG data storage and update submodule supports RAG data storage and updates. After the metadata tag association result is verified, the RAG data, embedded vectors, and metadata tags are packaged and stored in the vector database. It supports functions such as RAG data reading, writing, updating, modifying, and deleting.

[0080] The RAG data indexing submodule supports RAG data indexing, builds indexes for the metadata tags of RAG data, and ensures that RAG data in the vector database can be retrieved and categorized through metadata tags in the future.

[0081] (4) RAG Data Retrieval and Filtering Module: When a user initiates a task (such as querying or answering questions) using the large model front-end application, the module obtains the user's identity and permission information, parses the user's identity and permission information into metadata filtering conditions recognizable by the vector database, realizes a two-stage retrieval of RAG data based on metadata filtering, and finally includes the filtered and retrieved RAG data into the data range accessible when the large model generates content. It includes three sub-modules: user identity and permission parsing, two-stage filtering, and RAG retrieval result feedback.

[0082] The User Identity and Permission Parsing Submodule supports parsing user identity and permission information. When a user initiates tasks such as queries and Q&A using the large model front-end application, the large model front-end application passes the current user identity and permission information to this module, maps the user identity and permission information to user identity and permission tags, and parses it into metadata filtering conditions that can be recognized by the vector database.

[0083] The two-stage filtering submodule supports two-stage retrieval of RAG data, including two stages: metadata coarse filtering and semantic fine retrieval. The first stage, metadata coarse filtering, selects RAG candidate datasets that meet the user's permissions based on metadata filtering criteria from the vector database. The second stage, semantic fine retrieval, performs vector semantic retrieval on the filtered RAG candidate datasets, calculates the similarity between the user's task request and the RAG data, retains highly relevant data, and determines the RAG datasets that the current user has permission to access after filtering.

[0084] The RAG retrieval result feedback submodule supports the feedback of RAG data retrieval results, and feeds back the RAG datasets that the current user has permission to access to the large model front-end application.

[0085] (5) Large Model Generated Content Verification Module: After the large model front-end application generates content based on the feedback RAG dataset search results, it imports the content into this module to verify whether the content is entirely derived from the filtered RAG dataset that the current user has permission to access. If the verification passes, the large model is allowed to output the generated content to the current user. If the verification fails, an alarm is triggered and the large model is required to regenerate the content to prevent the large model from making unauthorized references or fabricating data during the generation process. It includes four sub-modules: large model generated content parsing, keyword comparison, semantic association analysis, and verification result feedback.

[0086] The large model content generation and parsing submodule supports the parsing of content generated by large models, connects to the front-end application of large models, imports the content generated by large models into this large model to form this module, and performs keyword and semantic parsing.

[0087] The keyword comparison submodule supports keyword comparison, extracting keywords from the content generated by the large model and comparing them with keywords in the retrieved authorized RAG data to check for the existence of unauthorized keywords.

[0088] The semantic association analysis submodule supports semantic association analysis. It calculates the semantic similarity between the content generated by the large model and the authorized RAG data through semantic vector comparison, and checks whether there is any unauthorized RAG data.

[0089] The verification result feedback submodule supports verification result feedback, summarizing keyword comparison and semantic association analysis results. If unauthorized keywords or unauthorized RAG data are found, the verification fails, is judged as unauthorized or fabricated, triggers an alarm, and requires the large model front-end application to regenerate the content; if no unauthorized keywords or unauthorized RAG data are found, the verification passes, and the large model front-end application is allowed to output the content generated by the large model to the current user.

[0090] The system in this application provides RAG data access control functionality for large-scale model front-end applications that access enterprise private data. The operation of the RAG data access control system based on metadata filtering includes two stages: the first stage is the preparation stage of the RAG data access control system, and the second stage is the interaction stage between the RAG data access control system and the front-end large-scale model application.

[0091] (1) First stage: RAG data access control system preparation stage: The system operation involves three steps: metadata tag design, user identity and permission mapping, and metadata tag association, which are used to build a RAG database that supports metadata filtering.

[0092] (2) Second stage: Interaction between the RAG data access control system and the front-end large model application: The system operation involves two steps: RAG data retrieval and filtering, and large model generation content verification, such as... Figure 5 As shown, the interaction process includes four interactive steps.

[0093] ① In the first stage, the front-end large model application inputs user identity and permission information. When the user uses the large model front-end application, the current user's identity and permission information is input from the large model front-end application to the RAG data retrieval and filtering module, which parses the user's identity and permission information into metadata filtering conditions that support RAG vector database retrieval.

[0094] ② In the second stage, the RAG data access control system provides feedback on the RAG datasets that the user has permission to access. After the RAG data retrieval and filtering module completes the filtering based on the user's identity and permission information, it feeds back the RAG datasets that the current user has permission to access to the front-end application of the large model.

[0095] ③ In the third stage, the front-end large model application inputs the large model generation. Based on the RAG dataset that the current user has permission to access, the front-end application constructs the large model generation content and then inputs the large model generation content into the large model generation content verification module.

[0096] ④ In the fourth stage, the RAG data access control system feeds back the verification results of the generated content of the large model. The large model generated content verification module feeds back the verification results to the large model front-end application. When the verification passes, the large model front-end application is allowed to output the generated content of the large model to the current user. When the verification fails, an alarm is triggered and the large model front-end application is required to regenerate the content.

[0097] As an optional implementation, the system proposed in this application can be loosely coupled with large model front-end applications, avoiding the need to build separate RAG access control systems for different large model front-end applications that use RAG technology to access enterprise private data. This can save enterprises system construction costs, simplify the RAG data access control management process, and effectively control investment costs while improving the security of enterprise private data access control. Specifically, the functions that can be implemented for different large model front-end applications are as follows.

[0098] (1) Based on the unified RAG access control policy configured in this system, a unified RAG data access control function is provided for different large model front-end applications.

[0099] (2) Based on the configuration of different RAG access control policies in this system, corresponding RAG data access control functions are provided for different large model front-end applications.

[0100] The advantages of this application are as follows: 1. This application proposes a RAG data access control method based on metadata filtering. It designs multi-dimensional metadata tags and, based on the enterprise's RAG data access control strategy formulated according to the characteristics of private data and user identity permissions, associates RAG data and metadata tags in a vector database. When a user uses a large model, the user's identity and permission information is passed through the large model's front-end application. This user identity and permission information is transformed into metadata filtering conditions, and a two-stage retrieval of RAG data based on metadata filtering is performed. This ensures that the content generated by the large model originates entirely from the retrieved RAG data that the current user has permission to access, preventing problems such as unauthorized referencing or fabricated data during the content generation process.

[0101] 2. This application proposes a RAG data access control system based on metadata filtering. It provides metadata tag design, user identity and permission mapping, metadata tag association, RAG data retrieval filtering, and large model generated content verification functions for large-scale applications that utilize RAG technology to access enterprise private data. Through metadata tag filtering, it achieves fine-grained access control of RAG data by combining the characteristics of enterprise private data with user identity and permissions. This ensures that current users can only access content generated from RAG data that the large model references and that they have the authority to access, thus restricting enterprise private data access to only authorized personnel and preventing cross-departmental data leakage within the enterprise.

[0102] 3. This application proposes a RAG data access control system based on metadata filtering, which can be loosely coupled with large-scale model front-end applications. Specifically, it can be configured with a unified RAG access control policy to provide unified RAG data access control functions for different large-scale model front-end applications, or it can be configured with different RAG access control policies to provide corresponding RAG data access control functions for different large-scale model front-end applications. This avoids building separate RAG access control systems for different large-scale model front-end applications that use RAG technology to access enterprise private data. This functional design approach can save enterprises system construction costs, simplify the RAG data access control management process, and effectively control investment costs while improving the security of enterprise private data access control.

[0103] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.

[0104] This document uses specific examples to illustrate the principles and implementation methods of this application. The descriptions of the above embodiments are only for the purpose of helping to understand the methods and core ideas of this application. Furthermore, those skilled in the art will recognize that, based on the ideas of this application, there will be changes in the specific implementation methods and application scope. Therefore, the content of this specification should not be construed as a limitation of this application.

Claims

1. A RAG data access control method based on metadata filtering, characterized in that, include: Design metadata tags; The metadata tags include enterprise private data characteristic tags and user identity and permission tags; Develop RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags; According to the RAG data access control policy, associate enterprise private data and metadata tags in the vector database; Perform compliance verification on the association results of enterprise private data and metadata tags in the vector database; Once compliance verification is passed, the enterprise's private data and metadata tags will be packaged and stored in the vector database; When a user initiates a task request using the large model front-end application, the current user's identity and permission information is passed through the large model front-end application, and the current user's identity and permission information is parsed into metadata filtering conditions. RAG data retrieval and filtering are performed based on the metadata filtering conditions. The filtered RAG dataset is obtained from the vector database and fed back to the large model front-end application. After generating content based on the filtered RAG dataset in the front end of the large model, verify whether the generated content is entirely derived from the filtered RAG dataset. If the generated content passes validation, it is allowed to be output to the current user; otherwise, the large model front-end application is controlled to regenerate the content.

2. The RAG data access control method based on metadata filtering according to claim 1, characterized in that, The enterprise private data characteristic tags include: data source, data type, applicable department, applicable job role, entry time, data security level, and data security level validity period; The user identity and permission tags include: department, job role, and user security level.

3. The RAG data access control method based on metadata filtering according to claim 1, characterized in that, The RAG data access control policy includes: the association between enterprise private data characteristic tags and user identity permission tags, and the scope of enterprise private data accessed by users with different identity permissions.

4. The RAG data access control method based on metadata filtering according to claim 1, characterized in that, If the compliance check fails, an alert will be issued, the RAG data access control policy will be revised, and the enterprise private data and metadata tags will be re-associated.

5. The RAG data access control method based on metadata filtering according to claim 1, characterized in that, The RAG data retrieval and filtering includes two stages: metadata filtering and semantic retrieval. In the metadata filtering stage: Based on the metadata filtering conditions, select RAG candidate datasets that meet the permissions from the vector database; In the semantic retrieval stage: vector semantic retrieval is performed on the RAG candidate dataset, the similarity between the task request and the RAG data in the RAG candidate dataset is calculated, RAG data with similarity greater than the similarity threshold is retained, and the filtered RAG dataset that the current user has permission to access is obtained.

6. The RAG data access control method based on metadata filtering according to claim 1, characterized in that, Verify whether the generated content is entirely derived from the filtered RAG dataset, specifically including: Analyze the keywords and semantics in the generated content; Extract keywords from the content generated by the front-end application of the large model and compare them with the parsed keywords to check for the existence of unauthorized keywords; Calculate the semantic similarity between the content generated by the front-end application of the large model and the parsed content, and check for the existence of unauthorized RAG data; If the check finds unauthorized keywords or unauthorized RAG data, the generated content will fail the verification. If no unauthorized keywords or unauthorized RAG data are found during the check, the verification passes.

7. A RAG data access control system based on metadata filtering, characterized in that, include: The metadata tag management module is used to design metadata tags; The metadata tags include enterprise private data characteristic tags and user identity and permission tags; The user identity and permission policy management module is used to formulate RAG data access control policies based on enterprise private data characteristic tags and user identity and permission tags. The metadata tag association management module is used to associate enterprise private data and metadata tags in the vector database according to the RAG data access control policy; Perform compliance verification on the association results of enterprise private data and metadata tags in the vector database; when the compliance verification passes, package the enterprise private data and metadata tags and store them in the vector database; The RAG data retrieval and filtering module is used to process the current user's identity and permission information when a user initiates a task request through the large model front-end application, and to parse the current user's identity and permission information into metadata filtering conditions; to perform RAG data retrieval and filtering according to the metadata filtering conditions, to obtain the filtered RAG dataset from the vector database, and to feed it back to the large model front-end application. The large model generated content verification module is used to verify whether the generated content is completely derived from the filtered RAG dataset after the large model front-end application generates content based on the filtered RAG dataset. If the generated content passes the verification, the generated content is allowed to be output to the current user; otherwise, the large model front-end application is controlled to regenerate the content.

8. The RAG data access control system based on metadata filtering according to claim 7, characterized in that, The metadata tag management module includes: a tag group management submodule and a tag group category extension submodule; The tag group management submodule supports the management of enterprise private data characteristic tags and user identity and permission tags; The tag group category extension submodule supports the expansion of tag categories and tag content.

9. The RAG data access control system based on metadata filtering according to claim 7, characterized in that, The user identity and permission policy management module includes: a RAG data access control policy definition submodule and a RAG data access control policy maintenance submodule; The RAG data access control policy definition submodule supports the definition of RAG data access control policies. The RAG data access control policy maintenance submodule supports the creation, modification, enabling, disabling, and version iteration of RAG data access control policies, and forces strong synchronization updates of RAG data access control policies when metadata tags are expanded.

10. The RAG data access control system based on metadata filtering according to claim 7, characterized in that, The metadata tag association management module includes: a metadata tag association submodule, a metadata tag association result verification submodule, a RAG data storage and update submodule, and a RAG data indexing submodule; The metadata tag association submodule supports metadata tag association. The metadata tag association result verification submodule supports pre-built, custom design, and expansion of the metadata tag association result verification rule library. Before RAG data is stored in the vector database, the verification process is automatically triggered. Based on the preset metadata tag association result verification rules, the association results of RAG data and metadata tags in the vector database are verified for compliance. If the verification fails, an error message is returned and storage is blocked. Only data that passes the verification is allowed to enter the vector database, ensuring that the association results of RAG data and metadata tags comply with the enterprise's private data access control security requirements. The RAG data storage and update submodule is used to package and store enterprise private data, embedded vectors, and metadata tags into the vector database after the metadata tag association result verification is passed. It also supports RAG data reading, writing, updating, modifying, and deleting. The RAG data indexing submodule is used to build an index for metadata tags of enterprise private data.