# RAG Permission Boundary Checklist

Use this before indexing company documents into a knowledge assistant.

## Source Inventory

| Source | Owner | Audience | Sensitivity | ACL source | Freshness rule | Approved for RAG? |
| --- | --- | --- | --- | --- | --- | --- |
| | | Everyone / team / named users | Public / internal / confidential / restricted | Drive / SharePoint / Notion / custom | | Yes / no |

## Retrieval Boundary

- User identity is known before retrieval.
- User groups/roles are available to the retriever.
- Corpus is separated by audience or sensitivity.
- Metadata filtering happens before retrieval.
- Restricted sources are not indexed into broad corpora.
- Source IDs and permissions are logged.
- Refusals do not reveal restricted source existence.

## Test Profiles

- Broad employee.
- Narrow department employee.
- Manager.
- Contractor.
- Disabled account.
- Admin.

## Required Tests

- Allowed question returns sourced answer.
- Disallowed question refuses safely.
- Prompt injection does not bypass permissions.
- Stale source is marked or excluded.
- Conflicting sources are handled by authority rule.
- Logs do not expose full sensitive chunks.
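
An added example, not part of the original checklist: a minimal Python retriever that applies the ACL filter before ranking, returns one uniform refusal, and logs source IDs and digests instead of chunk text, so the Retrieval Boundary items and the permission-related Required Tests can be exercised against test profiles. The `Chunk` and `User` types, the group names, the corpus and the toy lexical `score` are constructed assumptions standing in for a real index and vector search.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    source_id: str
    text: str
    allowed_groups: frozenset  # copied from the source system's ACL at index time

@dataclass(frozen=True)
class User:
    user_id: str
    groups: frozenset
    active: bool = True

# Constructed sample corpus (hypothetical source IDs and group names).
CORPUS = [
    Chunk("hr-001", "Holiday policy: 25 days of annual leave.", frozenset({"all-staff"})),
    Chunk("fin-007", "Q3 acquisition budget is 4 million.", frozenset({"finance-managers"})),
]
REFUSAL = "No answer is available from the sources you can access."
AUDIT_LOG = []  # in-memory stand-in for a real audit sink

def score(query, chunk):
    # Toy lexical overlap standing in for vector similarity (assumption).
    words = chunk.text.lower().replace(".", " ").replace(":", " ").split()
    return len(set(query.lower().split()) & set(words))

def retrieve(user, query, corpus=CORPUS, k=2):
    # 1. Identity and groups are resolved before any search; disabled accounts see nothing.
    visible = [c for c in corpus if user.active and c.allowed_groups & user.groups]
    # 2. Only chunks that passed the ACL filter are ever ranked.
    ranked = sorted(visible, key=lambda c: score(query, c), reverse=True)
    hits = [c for c in ranked[:k] if score(query, c) > 0]
    # 3. Log source IDs, groups and a short digest, never the chunk text.
    AUDIT_LOG.append({
        "user": user.user_id, "groups": sorted(user.groups),
        "sources": [c.source_id for c in hits],
        "digests": [hashlib.sha256(c.text.encode()).hexdigest()[:12] for c in hits],
    })
    return hits

def answer(user, query):
    hits = retrieve(user, query)
    if not hits:
        return REFUSAL  # identical whether nothing matched or access was filtered out
    return " ".join(f"{c.text} [{c.source_id}]" for c in hits)
```

With a real vector store, the same group filter is passed as a metadata filter on the query itself, so restricted chunks are never scored or placed in the model context.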

## Decision

- Approved corpus:
- Excluded sources:
- Owner:
- Review cadence:
- Open risks:
