```{contents}
```
## **Role-Based Access Control (RBAC) in LangGraph**

**Role-Based Access Control (RBAC)** in LangGraph is a **security and governance mechanism** that regulates **who can perform what actions** inside an LLM workflow, at **runtime**, **per user**, **per agent**, and **per tool**.

It is essential for **enterprise, multi-tenant, and safety-critical** LangGraph deployments.

---

### **1. Motivation and Intuition**

LLM systems operate tools, access data, and make decisions.
Without access control:

> **Any user or agent could trigger any tool or modify any state.**

RBAC enforces the principle of **least privilege**:

| Principle            | Meaning                         |
| -------------------- | ------------------------------- |
| Least privilege      | Give only necessary permissions |
| Separation of duties | Split critical capabilities     |
| Defense in depth     | Multiple protection layers      |

---

### **2. Core RBAC Components in LangGraph**

| Component             | Purpose                           |
| --------------------- | --------------------------------- |
| **Role**              | Named permission set              |
| **Permission**        | Allowed action                    |
| **Subject**           | User, agent, or service           |
| **Resource**          | Tool, node, state, graph          |
| **Policy**            | Rule mapping roles to permissions |
| **Enforcement Point** | Where the check occurs            |

---

### **3. What Can Be Controlled**

RBAC can restrict:

* Graph execution
* Node invocation
* Tool usage
* State read/write access
* Agent delegation
* Memory access
* Human approval actions
* Administrative operations

---

### **4. Example Permission Model**

| Role     | Permissions                   |
| -------- | ----------------------------- |
| Admin    | All actions                   |
| Analyst  | Read data, run analysis tools |
| Operator | Execute safe tools            |
| Reviewer | Approve outputs               |
| Guest    | Limited queries               |

---

### **5. RBAC in the LangGraph Execution Model**

RBAC checks occur at **runtime** before:

* Entering a node
* Executing a tool
* Updating sensitive state
* Performing external actions

```
Request → Authenticate → Resolve Role → Evaluate Policy → Execute Node
```

---

### **6. Practical Implementation Pattern**

#### **Define Roles & Permissions**

```python
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "deploy", "execute_tools"},
    "analyst": {"read", "execute_tools"},
    "guest": {"read"}
}
```

#### **Attach Role to State**

```python
class State(TypedDict):
    role: str
    query: str
    result: str
```

#### **Permission Guard**

```python
def authorize(state, permission):
    role = state["role"]
    if permission not in ROLE_PERMISSIONS[role]:
        raise PermissionError("Access denied")
```

#### **Secured Node**

```python
def analysis_node(state):
    authorize(state, "execute_tools")
    # protected logic
    return {"result": "analysis done"}
```

---

### **7. Tool-Level RBAC**

```python
def secure_tool(tool_fn, permission):
    def wrapper(state, *args):
        authorize(state, permission)
        return tool_fn(*args)
    return wrapper
```

---

### **8. Agent-Level RBAC**

Each agent carries a role:

```python
agent_state = {
    "agent_id": "planner",
    "role": "analyst"
}
```

Agents can **delegate only permitted actions**.

---

### **9. Human-in-the-Loop RBAC**

Critical transitions require special roles:

| Action            | Required Role |
| ----------------- | ------------- |
| Deploy model      | Admin         |
| Release report    | Reviewer      |
| Trigger execution | Operator      |
| Modify state      | Admin         |

---

### **10. Enterprise Extensions**

| Feature                | Purpose               |
| ---------------------- | --------------------- |
| Policy Engine          | Centralized rules     |
| Audit Logs             | Compliance tracking   |
| RBAC + ABAC            | Attribute conditions  |
| Multi-tenant Isolation | Tenant separation     |
| Secrets Governance     | Credential protection |

---

### **11. Benefits in LangGraph Systems**

| Without RBAC      | With RBAC               |
| ----------------- | ----------------------- |
| Unsafe automation | Controlled automation   |
| No accountability | Full audit trail        |
| High risk         | Enterprise-grade safety |
| Hard compliance   | Regulation-ready        |

---

### **12. Summary**

RBAC transforms LangGraph from a **powerful workflow engine** into a **secure enterprise AI platform**.

> **RBAC = Safety + Governance + Scalability + Trust**


### Demonstration

In [1]:
from typing import TypedDict
from langgraph.graph import StateGraph, END

# -----------------------------
# 1. RBAC Policy Definition
# -----------------------------
ROLE_PERMISSIONS = {
    "admin": {"read", "execute", "write"},
    "analyst": {"read", "execute"},
    "guest": {"read"}
}

def authorize(state, permission):
    role = state["role"]
    if permission not in ROLE_PERMISSIONS[role]:
        raise PermissionError(f"Role '{role}' is not allowed to '{permission}'")

# -----------------------------
# 2. State Definition
# -----------------------------
class State(TypedDict):
    role: str
    query: str
    result: str

# -----------------------------
# 3. Secured Nodes
# -----------------------------
def reader_node(state):
    authorize(state, "read")
    return {"query": state["query"]}

def executor_node(state):
    authorize(state, "execute")
    return {"result": f"Processed: {state['query']}"}

def writer_node(state):
    authorize(state, "write")
    return {"result": state["result"] + " | Saved"}

# -----------------------------
# 4. Graph Construction
# -----------------------------
builder = StateGraph(State)

builder.add_node("read", reader_node)
builder.add_node("execute", executor_node)
builder.add_node("write", writer_node)

builder.set_entry_point("read")
builder.add_edge("read", "execute")
builder.add_edge("execute", "write")
builder.add_edge("write", END)

graph = builder.compile()

# -----------------------------
# 5. Run as Different Roles
# -----------------------------
print("\n--- Admin Execution ---")
print(graph.invoke({"role": "admin", "query": "Quarterly Report"}))

print("\n--- Analyst Execution ---")
try:
    print(graph.invoke({"role": "analyst", "query": "Market Analysis"}))
except Exception as e:
    print("Blocked:", e)

print("\n--- Guest Execution ---")
try:
    print(graph.invoke({"role": "guest", "query": "Public Data"}))
except Exception as e:
    print("Blocked:", e)



--- Admin Execution ---
{'role': 'admin', 'query': 'Quarterly Report', 'result': 'Processed: Quarterly Report | Saved'}

--- Analyst Execution ---
Blocked: Role 'analyst' is not allowed to 'write'

--- Guest Execution ---
Blocked: Role 'guest' is not allowed to 'execute'
