Permissions do not stop at the table when the answer blends tables, documents, metrics, tools, and derived context.

Permission inheritance gets complicated fast

A context graph can connect datasets, documents, metrics, lineage, owners, policies, tools, and answers. That is useful because AI answers rarely come from one clean table. It is also dangerous if permission inheritance is assumed instead of modeled.

The problem is not only whether a user can read a source dataset. It is whether derived features, metric definitions, summaries, retrieved chunks, and tool outputs still carry the right permission boundary.

A graph can make propagation visible

Use graph edges for derivation, ownership, policy, lineage, retrieval, and tool use. Attach permission state to nodes and explain how permissions propagate or stop across edges. A document derived from restricted data should not become public because it changed format.

Core idea: context graph permission inheritance makes the access path inspectable before an answer reaches the model.

Control the answer path

The retrieval service should evaluate permissions over the graph path, not only the final chunk. Store the path used for the answer, the denied paths, the policy decision, and the source authority ranking.

For related ODI patterns, read context graphs for retrieval governance, source authority ranking, and context authorization receipts.

What breaks first

  • A summary loses the permission label of the source data.
  • A metric is allowed, but one contributing dimension is restricted.
  • Tool output is cached without the identity that allowed it.
  • The answer cites an allowed document that was generated from denied data.

Inheritance questions

Ask whether permissions propagate across derived nodes, whether denied paths are visible, whether policy decisions include graph context, and whether the answer receipt shows the access path.

Sources to start with

These primary sources anchor the technical claims in this guide.

The answer is only allowed if the path that produced it is allowed too.