
AI Permissions: Your AI Should Follow the Same Rules as Your Users

2 min read
Diagram showing four users with different roles (IT, Finance, HR, and Security) sending the same question to a shared AI, with a permissions layer enforcing identity, RBAC, document permissions, data classification, and audit logging so each user only receives the data they are allowed to see.

If an employee cannot open a financial document, the AI should not show them that data either. AI does not remove the need for identity, role-based access, and audit logs. It makes those controls more important.

When companies start using AI with internal data, the first question is usually about the model.

But the bigger question should be permissions.

If an employee is not allowed to open a financial document, the AI should not be able to show them that information either.

The same rule applies to HR files, customer data, source code, security reports, tickets, contracts, and internal procedures.

AI does not remove the need for access control.

It makes access control even more important.

When building RAG, local LLMs, or AI agents, the system must understand who the user is and what they are allowed to see. The answer should be based only on sources that the user has permission to access.

A good AI platform should include:

  • Identity
  • Role-based access
  • Document permissions
  • Audit logs
  • Data classification
  • Clear ownership of information
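The paragraph above says a RAG system must know who the user is and answer only from sources they may read, and the list names the controls that make that possible. The following is an added example (not code from the original post or from MyITCyber) showing the shape of a permission-aware retrieval step: identity and roles on the user, a role ACL and a classification label on each document, a filter that runs before ranking so denied documents never reach the model's context, and an audit record for every query. The corpus, users, role names and clearance table are all constructed for illustration; the keyword scorer stands in for whatever vector search a real pipeline uses.

```python
"""Permission-aware retrieval for a RAG pipeline (added example, not from the post)."""
from dataclasses import dataclass
import datetime
import re


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset  # roles come from the identity provider, not from the prompt


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner: str             # clear ownership: who decides the ACL for this record
    classification: str    # "public" | "internal" | "confidential" | "restricted"
    allowed_roles: frozenset
    text: str


# Constructed clearance tables (hypothetical values for this example).
CLEARANCE = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
ROLE_CLEARANCE = {"employee": 1, "it": 2, "hr": 2, "finance": 2, "security": 3}

AUDIT_LOG = []  # append-only list of query records; a real system writes to a SIEM


def max_clearance(user):
    """Highest classification level any of the user's roles is cleared for."""
    return max((ROLE_CLEARANCE.get(r, 0) for r in user.roles), default=0)


def can_read(user, doc):
    """Two independent gates: the document's role ACL AND the user's clearance."""
    role_ok = bool(user.roles & doc.allowed_roles)
    level_ok = max_clearance(user) >= CLEARANCE[doc.classification]
    return role_ok and level_ok


def _terms(text):
    return set(re.findall(r"\w+", text.lower()))


def retrieve(user, question, corpus, k=3):
    """Filter BEFORE ranking so unauthorized documents never enter the context."""
    candidates = [d for d in corpus if can_read(user, d)]
    q = _terms(question)
    scored = [(len(q & _terms(d.text)), d) for d in candidates]
    hits = [d for score, d in sorted(scored, key=lambda s: s[0], reverse=True) if score > 0][:k]
    AUDIT_LOG.append({
        "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "user": user.user_id,
        "question": question,
        "sources": [d.doc_id for d in hits],
        "denied": len(corpus) - len(candidates),  # how many docs the filter withheld
    })
    return hits


def build_context(user, question, corpus):
    """Context block for the model; None means 'answer from no permitted sources'."""
    hits = retrieve(user, question, corpus)
    if not hits:
        return None
    return "\n".join(f"[{d.doc_id} | {d.classification}] {d.text}" for d in hits)


# Constructed sample corpus and users (not real data).
CORPUS = [
    Document("fin-q3", "finance", "confidential", frozenset({"finance"}),
             "Q3 revenue was 4.2M with margin improvements in services."),
    Document("hr-comp", "hr", "confidential", frozenset({"hr"}),
             "Salary bands for 2024 and the compensation review schedule."),
    Document("sec-pentest", "security", "restricted", frozenset({"security"}),
             "Pentest report: findings in the payment service and remediation status."),
    Document("it-vpn", "it", "internal", frozenset({"employee"}),
             "How to connect to the VPN from a laptop."),
]
FINANCE_USER = User("alice", frozenset({"employee", "finance"}))
IT_ADMIN = User("bob", frozenset({"employee", "it"}))
SECURITY_ANALYST = User("carol", frozenset({"employee", "security"}))

if __name__ == "__main__":
    for user in (FINANCE_USER, IT_ADMIN):
        ctx = build_context(user, "What was Q3 revenue?", CORPUS)
        print(user.user_id, "->", ctx if ctx else "no permitted sources")
    print(AUDIT_LOG[-1])
```

The same question from the finance user and the IT admin yields the finance document for one and an empty context for the other; the caller should then say it has no permitted sources rather than let the model guess. Filtering before ranking matters: post-filtering the top results still lets a denied document influence scores and can leak its existence through "I found a relevant document you cannot see".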

The goal is simple.

The AI should not know everything for everyone.

It should know the right things for the right user, based on the same permissions the company already trusts.
