41.2 Metadata filtering and access control

Overview and links for this section of the guide.

The Data Leak

If User A asks "What is my salary?" and your RAG pipeline retrieves the "Salaries" document, you have just leaked data. Vector search ranks by similarity; it knows nothing about permissions.

Filtering Before Retrieval

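You must apply metadata filters at the database level, as part of the query itself, so that documents the user is not allowed to see are never returned to your application.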

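index.query(
  vector=embedding,
  top_k=10,  # number of matches to return
  # Permission filter, enforced by the vector store during the search
  filter={
    "user_id": current_user.id,
    "access_level": "public"
  }
)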

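Never filter after retrieval. If the top 10 matches are all documents the user cannot see, post-filtering removes all 10 results and you have nothing left to show, even though permitted documents exist further down the ranking.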
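The difference between the two orderings, as an added example that is not part of the original guide. The in-memory corpus, the two-dimensional embeddings and the `allowed` policy (owner or public) are constructed assumptions, standing in for a real vector store and its filter.

```python
import math

# Constructed sample corpus: (doc_id, embedding, metadata). Not from the guide.
DOCS = [
    ("salary-bob",   [0.99, 0.10], {"user_id": "bob",   "access_level": "private"}),
    ("salary-carol", [0.98, 0.12], {"user_id": "carol", "access_level": "private"}),
    ("salary-dave",  [0.97, 0.15], {"user_id": "dave",  "access_level": "private"}),
    ("salary-alice", [0.90, 0.30], {"user_id": "alice", "access_level": "private"}),
    ("handbook",     [0.40, 0.90], {"user_id": "hr",    "access_level": "public"}),
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def allowed(meta, user_id):
    # Hypothetical policy for this example: caller owns the doc, or it is public.
    return meta["user_id"] == user_id or meta["access_level"] == "public"

def search(query_vec, top_k, candidates):
    # Plain similarity ranking: no knowledge of permissions at all.
    ranked = sorted(candidates, key=lambda d: cosine(query_vec, d[1]), reverse=True)
    return ranked[:top_k]

def post_filter_query(query_vec, user_id, top_k):
    # Anti-pattern: other users' documents are fetched first, then dropped.
    hits = search(query_vec, top_k, DOCS)
    return [doc_id for doc_id, _, meta in hits if allowed(meta, user_id)]

def pre_filter_query(query_vec, user_id, top_k):
    # Filter first, so ranking only ever sees permitted documents.
    permitted = [d for d in DOCS if allowed(d[2], user_id)]
    return [doc_id for doc_id, _, _ in search(query_vec, top_k, permitted)]

if __name__ == "__main__":
    query = [1.0, 0.1]  # constructed embedding of "What is my salary?"
    print("post-filter:", post_filter_query(query, "alice", 3))
    print("pre-filter: ", pre_filter_query(query, "alice", 3))
```

With post-filtering, the three closest matches are other people's salary records, so Alice gets nothing back and those records have already crossed into application memory. With pre-filtering, the same query returns her own record and the public handbook.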

Where to go next