```{contents}
```
## Access Control

---

### 1. What Is Access Control?

**Access Control** in Generative AI is the systematic enforcement of **who can use a model, what actions they can perform, and which data or capabilities they can access**, under defined security and governance policies.

It protects:

* **Models** (IP, weights, fine-tuning artifacts)
* **Data** (training data, prompts, outputs, logs)
* **Capabilities** (inference, fine-tuning, deployment, admin operations)

---

### 2. Why Access Control Is Critical for Generative AI

| Risk                     | Impact                             |
| ------------------------ | ---------------------------------- |
| Unauthorized model usage | Cost explosion, IP leakage         |
| Data leakage via prompts | Compliance violation (GDPR, HIPAA) |
| Prompt injection & abuse | Malicious content generation       |
| Model poisoning          | Degraded model behavior            |
| Unauthorized fine-tuning | Loss of control over IP            |

Access control is therefore a **core security primitive** in GenAI systems.

---

### 3. Access Control Objectives

* **Authentication** — Who are you?
* **Authorization** — What are you allowed to do?
* **Accountability** — What actions did you perform?
* **Least Privilege** — Only minimum necessary permissions
* **Auditability** — Complete activity traceability

---

### 4. Access Control Layers in GenAI Systems

```
User → Application → API Gateway → Model Service → Data Stores
        ↑             ↑              ↑               ↑
   Identity      Policy Engine   Capability Guard   Data ACLs
```

| Layer          | Controls                |
| -------------- | ----------------------- |
| User / App     | Identity, roles         |
| API            | API keys, OAuth tokens  |
| Model          | Capability permissions  |
| Data           | Dataset access policies |
| Infrastructure | IAM, network security   |

---

### 5. Core Access Control Models

| Model                | Description                | Usage in GenAI                            |
| -------------------- | -------------------------- | ----------------------------------------- |
| **RBAC**             | Role-Based Access Control  | Users: admin, developer, analyst          |
| **ABAC**             | Attribute-Based            | Policies based on user, resource, context |
| **ReBAC**            | Relationship-Based         | Multi-tenant sharing, org hierarchies     |
| **Capability-Based** | Explicit permission tokens | Tool usage permissions                    |
| **Policy-Based**     | Declarative rules          | Compliance enforcement                    |

---

### 6. What Is Being Controlled in GenAI?

| Asset           | Examples of Permissions        |
| --------------- | ------------------------------ |
| Models          | run, fine-tune, export, delete |
| Endpoints       | invoke, monitor, scale         |
| Datasets        | read, write, tag, anonymize    |
| Prompts         | view, modify, execute          |
| Logs            | view, export                   |
| Tools / Plugins | enable, disable                |

---

### 7. Capability-Based Control for LLMs

Modern LLM systems enforce **capability access**:

| Capability      | Permission Example  |
| --------------- | ------------------- |
| Text generation | `model:generate`    |
| Code execution  | `tool:execute_code` |
| File access     | `tool:read_file`    |
| Internet access | `tool:browse`       |
| Fine-tuning     | `model:train`       |

---

### 8. Example: Role-Based Policy

```yaml
role: developer
permissions:
  - model:generate
  - model:fine_tune
  - data:read_public
  - logs:view
```

```yaml
role: analyst
permissions:
  - model:generate
  - data:read_public
```

---

### 9. Attribute-Based Policy Example

```yaml
policy:
  effect: allow
  actions: [model:generate]
  condition:
    user.department: "research"
    data.classification: "public"
    request.time < "18:00"
```

---

### 10. Enforcement Workflow

```
Request → Identity Verification
       → Policy Evaluation
       → Capability Check
       → Model Execution
       → Logging & Audit
```

---

### 11. Code Demonstration (Python Conceptual)

```python
class PolicyEngine:
    def is_allowed(self, user, action, resource):
        return action in user.permissions and resource in user.allowed_resources

def generate_text(user, prompt):
    if not policy_engine.is_allowed(user, "model:generate", "gpt-llm"):
        raise PermissionError("Access denied")
    return model.generate(prompt)
```

---

### 12. Multi-Tenant GenAI Access Control

| Level        | Enforcement           |
| ------------ | --------------------- |
| Organization | Tenant isolation      |
| Project      | Team permissions      |
| User         | Role permissions      |
| Session      | Contextual policies   |
| Request      | Dynamic policy checks |

---

### 13. Security Enhancements

* Prompt logging & filtering
* Abuse detection & rate limiting
* Output moderation
* Differential privacy controls
* Secure enclaves for model weights

---

### 14. Compliance Integration

| Regulation | Control Need                             |
| ---------- | ---------------------------------------- |
| GDPR       | Data access restrictions, right to erase |
| HIPAA      | PHI isolation                            |
| SOC 2      | Audit logging                            |
| ISO 27001  | Policy enforcement                       |

---

### 15. Key Takeaways

* Access control is the **governance backbone** of GenAI systems.
* It protects **models, data, and capabilities**.
* Modern GenAI platforms combine **RBAC + ABAC + Capability-based policies**.
* Enforcement occurs at **every layer** of the GenAI stack.

