ClaudeDrive
← All articles
1 min read

Permission-aware retrieval for LLMs: enforce at retrieval, not after

Why filtering ACLs at retrieval — under each user's own identity — is the only design that doesn't leak, and how a governed context layer feeds Claude without a superuser tool path.

ClaudeDrive

A Yungsten Tech product

The leak nobody sees coming

Most enterprise retrieval filters access in the application layer, after the documents are already in hand. That is the design that leaks. The fix is to carry the requesting user's identity into the gateway and filter ACLs at retrieval — never with a superuser service account.

What changes

  • Every chunk carries its access policy, tagged at ingest.
  • Retrieval runs under the caller's scopes, so a result can only contain what they may see.
  • No confused-deputy tool path: nothing runs with more privilege than the calling user.

See the incumbent approach for contrast.