Structured Semantic RAG with Access Control
Retrieval-Augmented Generation (RAG) improves language models by letting them pull in external context — but traditional implementations fall short for enterprise use. Aegis extends this pattern with Structured Semantic RAG: a secure, metadata-aware, graph-enabled retrieval system that supports fine-grained access control.
This guide explains what makes Structured Semantic RAG (SSRAG) different, why it’s needed, and how it enables enterprise-grade retrieval for intelligent agents.
Why Simple Semantic Search Falls Short
Imagine building an assistant for a multi-tenant healthcare platform. A physician asks:
“Summarize the patient’s respiratory history.”
Standard RAG will:
- Embed the query
- Run approximate nearest neighbor search
- Return the top-k closest document chunks
Problems:
- May return data from other patients or departments
- Doesn’t filter by user role or visibility
- Doesn’t understand document structure or relationships
In enterprise settings, this leads to:
- Data leakage across tenants
- Inconsistent or irrelevant answers
- Lack of control and traceability
What SSRAG Adds
Structured Semantic RAG enhances traditional RAG with:
1. Structured Metadata Filtering
Every document and chunk in Aegis is tagged with metadata like tenant_id, document_type, access_visibility, tags, and owner_id.
At query time, we filter based on:
- User’s tenant and role
- Required tags or document types
- Visibility constraints
Example:
Only return chunks from physician-notes tagged respiratory, authored within the user’s department, and marked private.
2. Semantic Graph Relationships (GraphRAG)
Chunks are not isolated — they’re linked semantically:
- “Patient History” → “Treatment Plan” → “Follow-up Notes”
- “Clause” → “Cited Case” → “Commentary”
Aegis supports traversing this graph:
- Multi-hop reasoning
- Re-ranking based on neighborhood
- Expansion from anchor concepts to supporting context
Example:
A legal agent asks for “termination clause context.” SSRAG expands from the clause to related cases and commentary, returning a richer, more precise summary.
3. Access-Aware Retrieval
Access control is not applied post-retrieval — it’s embedded in the retrieval process:
- Chunk access policies are enforced in the Vespa query layer
- Users only see what they’re permitted to see, at index time
Example:
An intern from Hospital A cannot retrieve notes from Hospital B, even if embeddings are close.
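The difference between filtering after retrieval and filtering inside retrieval, as an added example (not Aegis code) that uses an in-memory stand-in for the Vespa query layer. The corpus, the `permitted` rule, and the visibility values `tenant` and `private` are constructed assumptions; only the metadata field names come from this page.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    tenant_id: str
    access_visibility: str  # assumed values: "tenant" (whole tenant) or "private" (owner only)
    owner_id: str
    tags: frozenset
    embedding: tuple

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def permitted(user_id, tenant_id, chunk):
    # Assumed policy: same tenant always required; private chunks are owner-only.
    if chunk.tenant_id != tenant_id:
        return False
    return chunk.access_visibility != "private" or chunk.owner_id == user_id

def post_filter_search(user_id, tenant_id, query, corpus, k):
    # Weak pattern: rank the whole corpus, cut to top-k, then drop forbidden hits.
    top = sorted(corpus, key=lambda c: cosine(query, c.embedding), reverse=True)[:k]
    return [c.chunk_id for c in top if permitted(user_id, tenant_id, c)]

def access_aware_search(user_id, tenant_id, query, corpus, k, required_tag=None):
    # Access and tag predicates restrict the candidate set before any ranking happens.
    allowed = [c for c in corpus if permitted(user_id, tenant_id, c)
               and (required_tag is None or required_tag in c.tags)]
    top = sorted(allowed, key=lambda c: cosine(query, c.embedding), reverse=True)[:k]
    return [c.chunk_id for c in top]

# Constructed sample corpus: Hospital B chunks sit closest to the query embedding.
CORPUS = [
    Chunk("b1", "hospital-b", "tenant", "dr-kim", frozenset({"respiratory"}), (1.0, 0.0)),
    Chunk("b2", "hospital-b", "tenant", "dr-kim", frozenset({"respiratory"}), (0.98, 0.2)),
    Chunk("a1", "hospital-a", "tenant", "dr-lee", frozenset({"respiratory"}), (0.9, 0.44)),
    Chunk("a2", "hospital-a", "private", "dr-lee", frozenset({"respiratory"}), (0.95, 0.3)),
    Chunk("a3", "hospital-a", "tenant", "dr-lee", frozenset({"cardiology"}), (0.6, 0.8)),
]
QUERY = (1.0, 0.0)

if __name__ == "__main__":
    print(post_filter_search("intern-a", "hospital-a", QUERY, CORPUS, k=2))
    print(access_aware_search("intern-a", "hospital-a", QUERY, CORPUS, k=2))
```

With `k=2` the post-filter variant ranks only Hospital B chunks and returns nothing to the Hospital A intern, while the access-aware variant never scores another tenant's chunks and still fills the result set.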
Why Vespa?
Vespa is uniquely suited to power SSRAG:
- Hybrid Retrieval: Lexical (BM25) + Semantic (ANN)
- Structured Filtering: First-class support for metadata-based filters
- Ranking Expressions: Re-rank using recency, semantic similarity, access score, etc.
- High Performance: Scales across large, multi-tenant deployments
Other vector databases lack this combination of structured filters, hybrid scoring, and runtime ranking flexibility.
Use Cases Enabled
Multi-Tenant AI Workflows
Guarantee data boundaries across organizations with chunk-level access enforcement.
Scoped Retrieval with Reasoning
Traverse related context across a semantic document graph.
Domain-Specific Control
Retrieve based on structured metadata: department, doc type, access, version.
What’s Next
- Learn about document and chunk schemas
- Explore the Vespa setup
- Read about access control models
SSRAG turns your RAG pipeline into a permission-aware, structured knowledge base — unlocking the next generation of enterprise-grade AI agents.