{"id":17549,"date":"2025-09-16T10:15:54","date_gmt":"2025-09-16T17:15:54","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=17549"},"modified":"2025-09-16T10:15:54","modified_gmt":"2025-09-16T17:15:54","slug":"securing-agentic-rag-pipelines","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/ko\/securing-agentic-rag-pipelines\/","title":{"rendered":"\uc138\ubd84\ud654\ub41c \uad8c\ud55c \ubd80\uc5ec\ub85c \uc5d0\uc774\uc804\ud2b8\/RAG \ud30c\uc774\ud504\ub77c\uc778 \ubcf4\ud638"},"content":{"rendered":"

Over the previous 3 years, the AI landscape has gone through a massive transformation. We’ve gone from basic language models to full-fledged AI Agents<\/b> that can take action on our behalf in just a few short years. AI is the new buzz word everywhere. We all joke about it, but in reality, it has had an incredible boom and is extremely powerful. And, as you can see, AI is not new. It has been around for a while, but since the introduction of LLMs and Generative AI in 2023, there has been a spike in its use.<\/p>\n

While the potential for productivity using AI is huge, there are security concerns that should be addressed when working with autonomous systems like AI Agents. Misconfigured access policies to data could lead to AI retrieving sensitive internal documents or exposing confidential data. Therefore, in this blog we explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed. And we cover how Fine-Grained Authorization (FGA) provides robust security for Retrieval-Augmented Generation (RAG) and agentic AI systems. Thus, learn how to implement permission models that protect sensitive information while enabling AI to access only authorized data.<\/p>\n

The changing AI landscape \u2013 and the security gaps<\/h2>\n

AI agents perform tasks for the human by calling APIs, learning from errors, and sometimes working with no human supervision. But, of course, there are risks associated with this fast growth and one of those big risks is security. We\u2019ve seen several tweets as well as heard many folks within the industry discuss the importance of security and authentication when leveraging AI and AI agents. Currently, there\u2019s no universal blueprint for building AI securely into applications.<\/p>\n

OWASP started defining the\u00a0 Top 10 for LLM Applications in<\/b> 2023 as a community-driven effort to highlight and address security issues specific to AI applications, and there are the top 10 points for 2025. One of them is Sensitive information disclosure. AI agents can be autonomous, so without the proper handling they might reveal sensitive information or confidential enterprise data, and this can happen as a result of a deliberate attack or accidentally.<\/p>\n

AI must consider user permissions when accessing data. How do we enforce that an Agent cannot modify existent records or access documents restricted to other employees at runtime?<\/p>\n

The answer is with \uad8c\ud55c \ubd80\uc5ec<\/b>. We need to make sure our AI <\/b>systems only show the right information to the right user.<\/p>\n

Why traditional authorization falls short<\/h2>\n

Role Based Access Control: RBAC is the most common way people implement authorization in their applications and websites. When we use RBAC, we are checking for roles. Whether the user has a certain role assigned to them or not before making access decisions. If they have the role they get access, if they don\u2019t they get a 403 Forbidden error. The main downside to RBAC is mainly scalability. It doesn’t scale well when there are multiple roles.<\/p>\n

Attribute based access control (ABAC): ABAC is a step up from RBAC for fine grained access, allowing us to grant some users access to individual documents, and others access to others.<\/p>\n

However, it still falls short when the document is in nested folders, you would need to retrieve all the folders recursively up the chain. When the user is in nested groups, you need to do the same thing. And you need to do all this in order to authorize the request.<\/p>\n

So let\u2019s see what is an even better way of doing authorization. This is where ReBAC (Relationship-Based Access Control) comes in. ReBAC allows expressing authorization rules based on relations that users and objects in a system have amongst each other. ReBAC services use their knowledge of the relationships between the different entities in the system in order to reach an authorization decision. The good thing about RebAC is that it can do both RBAC and ABAC depending on how you define those relationships.<\/p>\n

Fine-grained authorization \u2013 the missing layer<\/h2>\n

Fine Grained Authorization (FGA)<\/b> dynamically enforces access rules at the resource level<\/b>. Instead of granting blanket permissions, FGA determines at query time exactly which documents a user is allowed to see.<\/p>\n

FGA is all about controlling who can do what with what kind of resources, down to an individual level. In a typical scenario showing a role-based system, one might say, \u201cAdmins can see everything, but Regular Users can see only some subset.\u201d But in a real-world app, especially one that deals with many documents, this might not be flexible enough. This is where OpenFGA comes in.<\/p>\n

OpenFGA<\/a> is a CNCF-hosted, open-source project maintained by Okta. It was inspired by Google\u2019s Zanzibar system which describes how authorization for all of Google’s services was built. OpenFGA addresses the above by letting you define authorization relationships. The relationships defined in the authorization model can be either direct or indirect. Simply put, direct relationships are directly assigned between a user and object and stored in a database. Indirect relationships are the relationships we can infer based on the data and the authorization model.<\/p>\n

Setting up OpenFGA ReBAC<\/h3>\n

There are 4 main concepts about OpenFGA and how it works:<\/p>\n

    \n
  1. \n
      \n
    1. Store: <\/b>A store is an OpenFGA entity used to organize authorization models and tuples. Literally where you store your data<\/li>\n
    2. Authorization Model: <\/b>An authorization model is where you define who can do what and under which conditions.\u00a0 These are going to be your authorization policies expressed in a model. In the model, we have to define the entities which are going to be relevant when making authorization decisions.<\/li>\n
    3. Relationship Tuples<\/b>: A relationship tuple is a base tuple or triplet consisting of a user, relation, and object. You can think of tuples as the \u201cfacts\u201d of your authorization system. We have a form of user-to-object relationship. The data that is present on the relationship tuples essentially defines the state of your system, and you modify the tuples as the state of your system evolves<\/li>\n
    4. \ucffc\ub9ac: <\/b>Last of all, to use this to check authorization we have to be able to query the system. And what the OpenFGA system does to answer this question is to traverse the graph. So the FGA system starts at the resource (the expense report) and – from the top down – it asks<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

      In summary, the data in the relationship tuples define the graph. The authorization model defines rules for traversing the graph. And when you query the system, the query traverses the graph according to the rules and returns either \u201cYes, you\u2019re authorized\u201d or \u201cNo you’re not\u201d depending upon the result.<\/p>\n

      OpenFGA relationship-based access control
      \"\"<\/h3>\n
      # Model definition\r\ntype user\r\ntype team\r\n\u00a0\u00a0relations\r\n\u00a0\u00a0\u00a0\u00a0define member: [user]\r\ntype document\r\n\u00a0\u00a0relations\r\n\u00a0\u00a0\u00a0\u00a0define viewer: [team#member]\r\n\r\n# Relationship tuples\r\nteam:finance#member@user:kate\r\ndocument:forecast.pdf#viewer@team:finance<\/pre>\n
      \uc758\ubbf8<\/b>: Kate can view forecast.pdf because she\u2019s a member of the Finance team, which has viewer rights on that document.<\/p>\n
      Implementing FGA in a RAG AI pipeline<\/h2>\n
      RAG is a framework designed to overcome the limitations of LLMs and provide more accurate and detailed responses. Although LLMs are trained on vast data sets, they often struggle with specialized knowledge, up-to-date information and generating factually incorrect outputs, also known as “hallucinations.” RAG mitigates these problems by dynamically retrieving relevant data from external sources in real time.<\/p>\n
      Instead of relying purely on pre-trained knowledge, a RAG system retrieves domain-specific data. This is great when the data is public or freely shareable. But what to do if some of that data is restricted or confidential? This raises a significant challenge: ensuring that each user only accesses the information they are authorized to see. A secure RAG system needs to enforce fine-grained access control without sacrificing speed or scalability. Roles might change, projects can be reassigned, and permissions could evolve over time. Handling all this efficiently is key to building a truly secure and robust RAG application.<\/p>\n
      And this is exactly where OpenFGA comes in. By integrating OpenFGA with a RAG pipeline, we can decouple access control logic from the core RAG application. We can enforce authorization models in real time, and ensure that retrieved context is always filtered according to user permissions before being sent to the LLM for generating a response.<\/p>\n
      When integrating with a vector database like \uce74\uc6b0\uce58\ubca0\uc774\uc2a4<\/b>, there are two main strategies to implement OpenFGA for RAG:<\/p>\n
      1. Post-filtering<\/h3>\n
        \n
      • \n
          \n
        • Retrieve documents from Couchbase Vector Search<\/li>\n
        • Pass results to OpenFGA to remove unauthorized docs<\/li>\n
        • Send filtered results to the AI model<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
          \"\"<\/p>\n
           def search_authorized_documents(self, query: str, user_id: str, top_k: int = 5) -> List[Dict[str, Any]]:\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"\"\"Search for documents using the pre-query filtering pattern\"\"\"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0try:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Step 1: Get authorized document IDs from OpenFGA\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0authorized_docs = self.get_authorized_documents(user_id)\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if not authorized_docs:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0print(f\"No authorized documents found for user: {user_id}\")\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return []\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Step 2: Generate embedding for search query\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0query_embedding = self.generate_embeddings(query, \"text-embedding-ada-002\")\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Step 3: Perform vector search with metadata filter for authorized documents\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0search_req = SearchRequest.create(MatchNoneQuery()).with_vector_search(\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0VectorSearch.from_vector_query(\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0VectorQuery(\"embedding\", query_embedding, num_candidates=top_k * 2)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0)\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Execute search\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0result = self.scope.search(self.search_index_name, search_req)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0rows = list(result.rows())\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Step 4: Filter results to only include authorized documents\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0authorized_results = []\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0for row in rows:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0try:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Get the full document\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0doc = self.collection.get(row.id)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if doc and doc.value:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0doc_content = doc.value\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0doc_source = doc_content.get(\"source\", \"\")\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Check if this document is in the authorized list\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if doc_source in authorized_docs:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0authorized_results.append({\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"id\": row.id,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"text\": doc_content.get(\"text\", \"\"),\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"source\": doc_source,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"score\": row.score,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"metadata\": doc_content.get(\"metadata\", {})\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0})\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0# Stop if we have enough results\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if len(authorized_results) >= top_k:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0break\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0except Exception as doc_error:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0print(f\"Could not fetch document {row.id}: {doc_error}\")\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return authorized_results<\/pre>\n
          2. Pre-filtering<\/h3>\n
            \n
          • \n
              \n
            • Call OpenFGA to remove the unauthorized docs<\/li>\n
            • Add a pre filter for the vector search query to limit the search scope<\/li>\n
            • Only retrieve embeddings for documents the user can access<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
              \"\"<\/p>\n
              \n
              Example of FGA with RAG<\/h2>\n
              \"\"<\/p>\n
              Let\u2019s say you as a developer want to use an AI-assistant to get the forecast of the company. The system must ensure you only see the public forecast data and not any private financial reports that are restricted to the Finance team. Without the right safeguards, this becomes a Sensitive Information Disclosure risk, exactly the kind of issue highlighted by the OWASP Top 10 for LLM applications.<\/p>\n
              Here\u2019s how Fine-Grained Authorization (FGA) solves it:<\/p>\n
              Step 1 –<\/strong>\u00a0Permissions Check<\/strong>: OpenFGA checks the access rights. If the access doesn\u2019t belong to the Finance team, private financial documents are excluded.<\/p>\n
              2\ub2e8\uacc4<\/strong> – \ud544\ud130\ub9c1<\/strong>: OpenFGA (via its SDK) filters out any results the user shouldn\u2019t see.<\/p>\n
              3\ub2e8\uacc4<\/strong> – \ubb38\uc11c \uac80\uc0c9<\/strong>: Perform vector search with the applied filter to only retrieve documents permissible to be seen by the user.<\/p>\n
              4\ub2e8\uacc4<\/strong> – Answer Generation<\/strong>: LLM generates a response only from the authorized subset of documents.<\/p>\n
              Real world applications<\/h2>\n
              There are a lot of benefits to applying Fine-Grained Authorization in AI applications. Let\u2019s explore some of the popular use cases:<\/p>\n
                \n
              • \n
                  \n
                • Multi-Tenant SaaS<\/b>: One tenant\u2019s AI queries never retrieve another tenant\u2019s data<\/li>\n
                • \ud5ec\uc2a4\ucf00\uc5b4<\/b>: Patient record retrieval that is restricted to only authorized practitioners<\/li>\n
                • \uae08\uc735<\/b>: Sensitive forecasts and regulatory data accessible only to relevant teams<\/li>\n
                • \ubc95\ub960<\/b>: Case documents restricted based on client-attorney assignments<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
                  Final thoughts: security without sacrificing speed<\/h2>\n
                  Without the right security, you risk adding a whole new attack surface to your application with agentic AI. AI applications now handle sensitive user data and are not just processing the information; they are interacting with APIs, automating decisions, and acting on users\u2019 behalf<\/p>\n
                  The agents need to have least privileged access to user data, non-static access credentials, and fine grained access control. OpenFGA provides a way to secure AI in apps while also enabling the applications to scale hundreds of millions active users seamlessly as the agent ecosystem grows.<\/p>\n
                  Thus, Fine-Grained Authorization, powered by OpenFGA and integrated with Couchbase Vector Search, ensures AI systems are both powerful and safe, thus delivering AI innovation without compromising security.<\/p>","protected":false},"excerpt":{"rendered":"
                  Over the previous 3 years, the AI landscape has gone through a massive transformation. We’ve gone from basic language models to full-fledged AI Agents that can take action on our behalf in just a few short years. AI is the […]<\/p>","protected":false},"author":85674,"featured_media":17554,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[10123,10122],"tags":[9954,10152],"ppma_author":[10153,10069],"class_list":["post-17549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-agentic-ai-apps","category-artificial-intelligence-ai","tag-okta","tag-openfga"],"acf":[],"yoast_head":"\nSecuring Agentic\/RAG Pipelines with Fine-Grained Authorization - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/ko\/securing-agentic-rag-pipelines\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization\" \/>\n<meta property=\"og:description\" content=\"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/ko\/securing-agentic-rag-pipelines\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-16T17:15:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai-1024x536.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"536\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ashish Jha - Solutions Engineer, Okta, Shivay Lamba, Developer Evangelist\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ashish Jha - Solutions Engineer, Okta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/\"},\"author\":{\"name\":\"Ashish Jha - Solutions Engineer, Okta\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/e1c6aed03dd581a9108610ae1e1f60f6\"},\"headline\":\"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization\",\"datePublished\":\"2025-09-16T17:15:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/\"},\"wordCount\":1763,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png\",\"keywords\":[\"okta\",\"OpenFGA\"],\"articleSection\":[\"Agentic AI Applications\",\"Artificial Intelligence (AI)\"],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/\",\"name\":\"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png\",\"datePublished\":\"2025-09-16T17:15:54+00:00\",\"description\":\"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png\",\"width\":2400,\"height\":1256},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/e1c6aed03dd581a9108610ae1e1f60f6\",\"name\":\"Ashish Jha - Solutions Engineer, Okta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/f692380ba3ef401282d02b92ef37d3fd\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3e1528f012532b48a765bb1f058702005a072d806b6de76ae68fd832bf7d5947?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3e1528f012532b48a765bb1f058702005a072d806b6de76ae68fd832bf7d5947?s=96&d=mm&r=g\",\"caption\":\"Ashish Jha - Solutions Engineer, Okta\"},\"url\":\"https:\/\/www.couchbase.com\/blog\/ko\/author\/ashishjha\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization - The Couchbase Blog","description":"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/ko\/securing-agentic-rag-pipelines\/","og_locale":"ko_KR","og_type":"article","og_title":"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization","og_description":"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.","og_url":"https:\/\/www.couchbase.com\/blog\/ko\/securing-agentic-rag-pipelines\/","og_site_name":"The Couchbase Blog","article_published_time":"2025-09-16T17:15:54+00:00","og_image":[{"width":1024,"height":536,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai-1024x536.png","type":"image\/png"}],"author":"Ashish Jha - Solutions Engineer, Okta, Shivay Lamba, Developer Evangelist","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ashish Jha - Solutions Engineer, Okta","Est. reading time":"9\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/"},"author":{"name":"Ashish Jha - Solutions Engineer, Okta","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/e1c6aed03dd581a9108610ae1e1f60f6"},"headline":"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization","datePublished":"2025-09-16T17:15:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/"},"wordCount":1763,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png","keywords":["okta","OpenFGA"],"articleSection":["Agentic AI Applications","Artificial Intelligence (AI)"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/","url":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/","name":"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png","datePublished":"2025-09-16T17:15:54+00:00","description":"Explore how traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/09\/blog-securing-agentic-ai.png","width":2400,"height":1256},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/securing-agentic-rag-pipelines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing Agentic\/RAG Pipelines with Fine-Grained Authorization"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"\uce74\uc6b0\uce58\ubca0\uc774\uc2a4 \ube14\ub85c\uadf8","description":"NoSQL \ub370\uc774\ud130\ubca0\uc774\uc2a4, Couchbase","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"\uce74\uc6b0\uce58\ubca0\uc774\uc2a4 \ube14\ub85c\uadf8","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/e1c6aed03dd581a9108610ae1e1f60f6","name":"Ashish Jha - Solutions Engineer, Okta","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/f692380ba3ef401282d02b92ef37d3fd","url":"https:\/\/secure.gravatar.com\/avatar\/3e1528f012532b48a765bb1f058702005a072d806b6de76ae68fd832bf7d5947?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3e1528f012532b48a765bb1f058702005a072d806b6de76ae68fd832bf7d5947?s=96&d=mm&r=g","caption":"Ashish Jha - Solutions Engineer, Okta"},"url":"https:\/\/www.couchbase.com\/blog\/ko\/author\/ashishjha\/"}]}},"authors":[{"term_id":10153,"user_id":85674,"is_guest":0,"slug":"ashishjha","display_name":"Ashish Jha - Solutions Engineer, Okta","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/3e1528f012532b48a765bb1f058702005a072d806b6de76ae68fd832bf7d5947?s=96&d=mm&r=g","author_category":"1","last_name":"Jha - Solutions Engineer, Okta","first_name":"Ashish","job_title":"","user_url":"","description":""},{"term_id":10069,"user_id":85559,"is_guest":0,"slug":"shivaylambda","display_name":"Shivay Lamba, Developer Evangelist","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/01\/shivay-lambda-couchbase.jpeg","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2025\/01\/shivay-lambda-couchbase.jpeg"},"author_category":"1","last_name":"Lamba - Developer Evangelist","first_name":"Shivay","job_title":"","user_url":"","description":""}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/posts\/17549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/users\/85674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/comments?post=17549"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/posts\/17549\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/media\/17554"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/media?parent=17549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/categories?post=17549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/tags?post=17549"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/ko\/wp-json\/wp\/v2\/ppma_author?post=17549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}