Permission-Aware Search: RBAC That Actually Works at Query Time
Enterprise search without access control is a security liability. ZenSearch enforces document-level permissions at query time, synced from your identity provider.
Permission-aware search enforces the source system's access control at query time, so every user sees only the documents they're authorized to see. ZenSearch imports permission metadata from Confluence, SharePoint, Google Drive, and your identity provider on every sync, then applies a filter to the search query itself — restricted documents never enter the ranking pipeline, not even as redacted placeholders.
Indexing everything is easy. Making sure each user only sees what they're authorized to see — that's the hard part. Most enterprise search tools either skip access control entirely or implement it as a coarse filter. ZenSearch enforces fine-grained, document-level permissions at query time.
The Permission Model
ZenSearch's RBAC system operates at two levels:
Team-Level RBAC — Role-based access (Owner, Admin, Editor, Viewer) controls who can manage connectors, collections, agents, and settings.
Document-Level RBAC — Each indexed document carries permission metadata specifying who can access it. Permissions can be set by:
- Individual user
- Security group
- Team membership
- Email domain
- Public access flag
Permission Synchronization
When ZenSearch indexes a document from Confluence, SharePoint, or Google Drive, it also imports the source system's access control list. If a Confluence page is restricted to the "Engineering" group, only users in that group will see it in ZenSearch results.
Permission sync happens incrementally. When access changes in the source system, ZenSearch picks up the delta on the next sync cycle.
Query-Time Filtering
At search time, ZenSearch retrieves the user's identity and group memberships, then applies a permission filter to the search query. Documents the user can't access are excluded before ranking — they never appear in results, not even as redacted placeholders.
This filtering is built into the search layer itself, so it doesn't degrade performance.
External Identity Integration
ZenSearch integrates with your existing identity providers:
- OIDC/SAML — Enterprise SSO (Okta, Azure AD, and others)
- Google Workspace — Domain and group membership
- Microsoft Teams — Team and channel membership
- Slack — Workspace membership sync
Identities are normalized into a unified format so permission checks work consistently regardless of the source system.
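The query-time filtering and identity normalization described above, as an added example that is not ZenSearch's own code: it expands a user into a set of normalized principals and drops non-matching documents before anything is scored. The principal string format (`user:`, `group:`, `team:`, `domain:`, `public:*`), the field names and the toy term-count ranking are assumptions made for illustration.

```python
# Added illustration. Principal strings and field names are assumptions,
# not ZenSearch's schema; ranking is a toy term count.
from dataclasses import dataclass

PUBLIC = "public:*"

@dataclass(frozen=True)
class Identity:
    email: str
    groups: frozenset = frozenset()  # security groups from the identity provider
    teams: frozenset = frozenset()   # team memberships

def principals(user):
    """Normalize one identity into every principal an ACL entry could name."""
    email = user.email.strip().lower()
    _, sep, domain = email.rpartition("@")
    out = {PUBLIC, f"user:{email}"}
    if sep and domain:  # only derive a domain from a well-formed address
        out.add(f"domain:{domain}")
    out |= {f"group:{g.strip().lower()}" for g in user.groups}
    out |= {f"team:{t.strip().lower()}" for t in user.teams}
    return frozenset(out)

def search(index, user, terms):
    """Apply the ACL filter first, then score only the documents that survive."""
    allowed = principals(user)
    terms = [t.lower() for t in terms]
    hits = []
    for doc in index:
        # Fail closed: a document with missing or empty ACL metadata matches nobody.
        if not allowed & set(doc.get("acl", ())):
            continue
        score = sum(doc["text"].lower().count(t) for t in terms)
        if score:
            hits.append((score, doc["id"]))
    return [doc_id for _, doc_id in sorted(hits, key=lambda h: (-h[0], h[1]))]

# Constructed sample index; ACL entries are assumed to be stored already normalized.
INDEX = [
    {"id": "eng-runbook", "text": "Rotate the deploy key, then rotate the deploy token", "acl": ["group:engineering"]},
    {"id": "handbook", "text": "How to request a deploy key", "acl": ["domain:example.com"]},
    {"id": "status", "text": "Deploy status page", "acl": ["public:*"]},
    {"id": "orphan", "text": "deploy key deploy key", "acl": []},
    {"id": "hr-case", "text": "deploy key incident, personnel file", "acl": ["user:hr@example.com"]},
]
```

Because the filter runs before scoring, the restricted documents contribute nothing to result counts or ordering, and a document whose ACL failed to sync is hidden rather than exposed.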