ARBITER: AI-Driven Filtering for Role-Based Access Control

TL;DR

This paper presents ARBITER, an AI-driven filtering system designed to enhance role-based access control in RAG systems, addressing data leakage issues with layered validation and role-aware retrieval, achieving near-traditional RBAC accuracy.

Contribution

ARBITER introduces a novel prompt-based, LLM-driven RBAC approach with layered validation and role-aware retrieval for dynamic enterprise environments.

Findings

Achieves 85% accuracy in query filtering

Reaches 89% F1-score in role-based filtering

Demonstrates near-traditional RBAC performance

Abstract

Role-Based Access Control (RBAC) struggles to adapt to dynamic enterprise environments with documents that contain information that cannot be disclosed to specific user groups. As these documents are used by LLM-driven systems (e.g., in RAG) the problem is exacerbated as LLMs can leak sensitive data due to prompt truncation, classification errors, or loss of system context. We introduce \our, a system designed to provide RBAC in RAG systems. \our implements layered input/output validation, role-aware retrieval, and post-generation fact-checking. Unlike traditional RBAC approaches that rely on fine-tuned classifiers, \our uses LLMs operating in few-shot settings with prompt-based steering for rapid deployment and role updates. We evaluate the approach on 389 queries using a synthetic dataset. Experimental results show 85\% accuracy and 89\% F1-score in query filtering, close to traditional RBAC solutions. Results suggest that practical RBAC deployment on RAG systems is approaching the maturity level needed for dynamic enterprise environments.