Open Data Infrastructure
Context Graph Permission Inheritance
How context graphs can trace permission inheritance across datasets, documents, metrics, tools, features, and retrieved answers.
Permissions do not stop at the table when the answer blends tables, documents, metrics, tools, and derived context.
Permission inheritance gets complicated fast
A context graph can connect datasets, documents, metrics, lineage, owners, policies, tools, and answers. That is useful because AI answers rarely come from one clean table. It is also dangerous if permission inheritance is assumed instead of modeled.
The problem is not only whether a user can read a source dataset. It is whether derived features, metric definitions, summaries, retrieved chunks, and tool outputs still carry the right permission boundary.
A graph can make propagation visible
Use graph edges for derivation, ownership, policy, lineage, retrieval, and tool use. Attach permission state to nodes and explain how permissions propagate or stop across edges. A document derived from restricted data should not become public because it changed format.
Core idea: context graph permission inheritance makes the access path inspectable before an answer reaches the model.
Control the answer path
The retrieval service should evaluate permissions over the graph path, not only the final chunk. Store the path used for the answer, the denied paths, the policy decision, and the source authority ranking.
For related ODI patterns, read context graphs for retrieval governance, source authority ranking, and context authorization receipts.
What breaks first
- A summary loses the permission label of the source data.
- A metric is allowed, but one contributing dimension is restricted.
- Tool output is cached without the identity that allowed it.
- The answer cites an allowed document that was generated from denied data.
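The path evaluation described under "Control the answer path", applied to the last failure above, as an added example that is not code from this guide or from any ODI project. The node names, the group-based ACL model, and the Receipt fields are assumptions made for illustration, and the graph is constructed sample data; source authority ranking is not modeled.

```python
from dataclasses import dataclass, field

# Constructed sample graph: node -> groups allowed to read it (hypothetical names).
NODE_ACL = {
    "dataset:payroll": {"hr"},
    "dataset:headcount": {"hr", "analyst"},
    "doc:comp_summary": {"hr", "analyst"},  # label loosened when the summary was written
    "metric:headcount_by_team": {"hr", "analyst"},
}
# Derivation edges: child -> the parents it was derived from.
DERIVED_FROM = {
    "doc:comp_summary": ["dataset:payroll", "dataset:headcount"],
    "metric:headcount_by_team": ["dataset:headcount"],
}

@dataclass
class Receipt:
    node: str
    decision: str
    allowed_paths: list = field(default_factory=list)
    denied_paths: list = field(default_factory=list)

def chunk_only(node, groups):
    """The weak check: reads the final node's own label and nothing upstream."""
    return bool(NODE_ACL.get(node, set()) & groups)

def paths_to_sources(node, prefix=()):
    """Yield every derivation path from node back to a root source."""
    path = prefix + (node,)
    parents = DERIVED_FROM.get(node, [])
    if not parents:
        yield path
    for p in parents:
        if p in path:  # cycle: emit a marker node that has no ACL, so it is denied
            yield path + (p, "<cycle>")
        else:
            yield from paths_to_sources(p, path)

def evaluate(node, groups):
    """Allow only if every node on every derivation path is readable by the caller."""
    r = Receipt(node, "allow")
    for path in paths_to_sources(node):
        # Nodes with no ACL entry fail closed.
        blocked = [n for n in path if not (NODE_ACL.get(n, set()) & groups)]
        if blocked:
            r.denied_paths.append({"path": list(path), "blocked_at": blocked[0]})
            r.decision = "deny"
        else:
            r.allowed_paths.append(list(path))
    return r
```

For an analyst, chunk_only passes doc:comp_summary while evaluate denies it and records dataset:payroll as the blocking node, which is the record a receipt needs to show both the allowed and the denied path.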
Inheritance questions
Ask whether permissions propagate across derived nodes, whether denied paths are visible, whether policy decisions include graph context, and whether the answer receipt shows the access path.
Sources to start with
These primary sources anchor the technical claims in this guide.
- W3C PROV-O recommendation
- OpenLineage object model documentation
- Open Policy Agent decision logs documentation
- NIST AI Risk Management Framework
The answer is only allowed if the path that produced it is allowed too.