Security overview
Permissions are never bypassed.
BeBrief is built around one invariant: a user can only receive answers derived from documents they're actually permitted to access. This isn't a UI-layer filter — it's enforced at the vector search level.
The two-layer ACL model
Layer 1 — Admin flag
The is_admin flag on the user record controls access to the Admin UI (/admin). Admin sign-in requires Google or Microsoft OAuth. Admins manage connectors, users, and tenant settings.
Layer 2 — Document ACLs
Every document in the vector store carries an acl_allow payload field. At query time, user identity is resolved to a set of ACL grants, and the vector search is filtered to only documents where acl_allow intersects the user's grants.
ACL format reference
Document grants (stored per chunk in the vector store)
- "public": Any authenticated org user can access
- "confluence_space:ENG": Any user linked to this Confluence space
- "confluence_user:{accountId}": Specific Confluence account holder only
- "confluence_group:{name}": Members of a named Confluence group
- "slack_channel:{channelId}": Members of a specific Slack channel
User identity grants (resolved at query time)
user.acl_grants = [
"public",
"user:alice@corp.com",
// Slack channels Alice is a member of
"slack_channel:C0123ABCD",
"slack_channel:C0456EFGH",
// Confluence access
"confluence_space:ENG",
"confluence_space:PRODUCT",
"confluence_user:5b109f2e9f8...",
"confluence_group:engineering",
]
// Vector search filter:
// doc.acl_allow INTERSECTS user.acl_grants
Grants are cached in Redis with a 15-minute TTL and refreshed on the next query after expiry. Permission changes in Confluence propagate within one permission-sync cycle (5 minutes).
Ephemeral delivery for restricted content
When an answer is derived from restricted documents, BeBrief delivers it as an ephemeral Slack message — visible only to the querying user, never stored in channel history.
Posted in channel
None
All context documents have "public" in their ACL. The full answer is visible to everyone in the channel.
Ephemeral only
✅ reaction
One or more context documents require specific ACL grants. Only the querying user sees the answer. A ✅ reaction on the query confirms delivery.
Permission message
Ephemeral
Restricted content exists and matches the query, but the user's identity lacks the required grants. BeBrief informs the user they don't have access — never reveals document content.
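A minimal sketch of the Layer 2 intersection filter and the three delivery modes described above, added here as an illustration and not BeBrief's own code. The Chunk class, the function names, bob's grants and the "No results" outcome are assumptions; how BeBrief detects the denied case is not described on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:              # hypothetical stand-in for a vector-store record
    doc_id: str
    acl_allow: frozenset  # document grants stored with the chunk

def acl_filter(hits, grants):
    """Keep only chunks whose acl_allow intersects the user's grants.
    An empty acl_allow intersects nothing, so unlabeled chunks fail closed."""
    grants = frozenset(grants)
    return [c for c in hits if c.acl_allow & grants]

def delivery_mode(hits, grants):
    """Map query hits to one of the page's three delivery modes.
    `hits` are the chunks matching the query before ACL filtering; in a real
    deployment the filter is part of the vector search itself."""
    context = acl_filter(hits, grants)
    if not context:
        # Denied: report that access is missing, return no document content.
        return ("Permission message" if hits else "No results"), []
    if all("public" in c.acl_allow for c in context):
        return "Posted in channel", context
    return "Ephemeral only", context

# Constructed sample data (not from any real tenant).
HANDBOOK = Chunk("handbook", frozenset({"public"}))
ROADMAP = Chunk("eng-roadmap", frozenset({"confluence_space:ENG"}))
ORPHAN = Chunk("orphan", frozenset())
ALICE = {"public", "user:alice@corp.com", "confluence_space:ENG"}
BOB = {"public", "user:bob@corp.com"}

if __name__ == "__main__":
    for name, grants in (("alice", ALICE), ("bob", BOB)):
        for hits in ([HANDBOOK], [HANDBOOK, ROADMAP], [ROADMAP], [ORPHAN]):
            mode, ctx = delivery_mode(hits, grants)
            print(name, [c.doc_id for c in hits], "->", mode,
                  [c.doc_id for c in ctx])
```

When a query matches both public and restricted chunks, a user without the restricted grant gets an answer built from the public chunk only, so the restricted chunk never enters the context.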
Zero data egress
BeBrief runs LLM inference on our own managed servers. Your documents are never sent to OpenAI, Anthropic, or any other AI provider — and never will be.
- Embeddings generated on BeBrief-managed servers
- LLM inference on BeBrief-managed servers
- No OpenAI / Anthropic / Google AI API calls
- No data sent to any third-party AI company
- Bring Your Own Storage — coming soon
- Enterprise: custom deployment options available
Multi-tenant isolation
Each organization is isolated at the data layer — not just the application layer.
Relational database
Row-level security enforced at the database layer. All records are scoped per tenant — no application-level filtering required.
Vector store
Separate vector collection per tenant. Cross-tenant queries are architecturally impossible, not just access-controlled.
Object storage
Separate storage bucket per tenant for raw indexed content. Isolated at the infrastructure level.
Permission cache
Cache keys namespaced by tenant. Permission grants are scoped per tenant and never shared.
Confluence identity auto-linking
BeBrief automatically links Slack users to their Confluence identities using email matching — no manual configuration required.
Permission-sync fetches all Confluence users from your connected Atlassian site (requires read:user:confluence scope).
Users are matched by email address to BeBrief's internal user records.
Matched users get an IdentityMapping record linking their BeBrief user ID to their Confluence accountId.
At query time, the Confluence accountId is included in ACL resolution, granting access to page-restricted documents.
Security questions?
We're happy to walk through the architecture with your security team.
security@bebrief.app