{"slug": "show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search", "title": "Show HN: I made Permission-aware RAG – fine-grained authz for vector search", "summary": "Authorizer 2.3.0 introduces Zanzibar-style fine-grained authorization (FGA) for vector search, enabling permission-aware RAG by pre-filtering document retrieval based on user access rights. The update includes an MCP server for agent permission enforcement and integrates with Qdrant to return only authorized chunks per user.", "body_md": "Hi HN — this release came from a problem I kept seeing when teams put RAG into production: retrieval and authorization are usually separate systems.\n\nVector databases rank chunks by similarity, not by who is asking. Once documents with different access levels share an index, retrieval can return chunks the user was never authorized to see. Nothing is broken — every component is doing exactly what it was designed to do.\n\nThe usual fixes all have drawbacks:\n\n* One index per role doesn't scale to relationship-based permissions.\n* Post-filtering after top-k hurts recall and still retrieves restricted content.\n* Prompt instructions aren't security boundaries.\n\nIn Authorizer 2.3.0 we added Zanzibar-style Fine-Grained Authorization (FGA) and an MCP server so agents can enforce the user's permissions rather than the agent's service account permissions.\n\nThe demo uses Qdrant + Authorizer FGA:\n\n1. Ask FGA which documents a user can access.\n2. Push that authorization data into vector search as a pre-filter.\n3. 
Retrieve only authorized chunks.\n\nSame question, different users, correctly different answers.\n\nFGA is new in this release, and I'd especially love feedback on the relationship model, schema ergonomics, and scaling strategies for large allow-lists.\n\nI'm also curious how others are solving permission-aware RAG today: OpenFGA, OPA, homegrown filters, something else?\n\nRepo: [https://github.com/authorizerdev/authorizer](https://github.com/authorizerdev/authorizer)\n\nDemo: [https://github.com/lakhansamani/qdrant-rag-llm-example](https://github.com/lakhansamani/qdrant-rag-llm-example)\n\nBlog: [https://blog.authorizer.dev/permission-aware-rag-authorizer-...](https://blog.authorizer.dev/permission-aware-rag-authorizer-openfga-qdrant)\n\nHappy to answer questions about the architecture, Zanzibar tradeoffs, MCP integration, or why we put this inside the auth server rather than a separate service.\n\nComments URL: [https://news.ycombinator.com/item?id=48555648](https://news.ycombinator.com/item?id=48555648)", "url": "https://wpnews.pro/news/show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search", "canonical_source": "https://blog.authorizer.dev/permission-aware-rag-authorizer-openfga-qdrant", "published_at": "2026-06-16 14:13:26+00:00", "updated_at": "2026-06-16 14:19:23.054407+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-infrastructure", "large-language-models", "ai-safety"], "entities": ["Authorizer", "Qdrant", "OpenFGA", "Zanzibar", "MCP"], "alternates": {"html": "https://wpnews.pro/news/show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search", "markdown": "https://wpnews.pro/news/show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search.md", "text": "https://wpnews.pro/news/show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search.txt", "jsonld": "https://wpnews.pro/news/show-hn-i-made-permission-aware-rag-fine-grained-authz-for-vector-search.jsonld"}}