Authorization Overview
Control access to your Vectara resources with role-based, attribute-based, and multi-tenant access control.
Vectara provides multiple authorization mechanisms to control who can access what data and perform which operations. From role-based permissions that define broad access patterns to attribute-based filters that enable fine-grained control, Vectara's authorization framework helps you build secure, scalable applications.
Authorization approaches
Vectara supports several complementary authorization strategies:
- Enterprise Access Patterns: Understand the different user personas and their typical access patterns. Maps roles to appropriate authentication and authorization strategies.
- Role-Based Access Control: Assign permissions based on predefined roles like QueryService or IndexService. Provides coarse-grained access control at the account and corpus level.
- Attribute-Based Access Control: Use metadata filters to control access at the document level. Enables fine-grained authorization based on user attributes and document properties.
- Multi-Tenant Corpus Isolation: Dedicate separate corpora to different tenants for complete data isolation. Simplifies access control and provides clear security boundaries.
- Combine Access Control: Layer multiple authorization mechanisms for comprehensive security. Demonstrates real-world patterns combining RBAC, ABAC, and application logic.
Choosing the right approach
Different scenarios call for different authorization strategies:
- Role-Based Access Control (RBAC): Best for defining broad access patterns like "developers can query" or "admins can manage corpora"
- Attribute-Based Access Control (ABAC): Ideal for fine-grained control based on user attributes or document properties
- Multi-Tenant Isolation: Essential for SaaS applications where complete data separation is required
- Hybrid Approaches: Combine multiple mechanisms for layered security and flexibility
Next steps
- Start with Enterprise Access Patterns to understand typical user roles and needs
- Review Role-Based Access Control for account-level permissions
- Explore Attribute-Based Access Control for document-level filtering
- Consider Multi-Tenant Corpus Isolation for complete data separation
- See Combine Access Control for real-world implementation patterns