Hello everyone,
I am developing a Retrieval-Augmented Generation (RAG) chatbot that includes a role-based access control feature. This chatbot will cater to three types of users: doctors, patients, and admins. Users will be able to access and query information from three different types of documents through the chatbot.
- Research Papers Directory: This directory contains research papers that both doctors and patients can query for general information.
- Clinic Notes (clinic_notes.json): This JSON file contains notes taken by doctors during patient visits. The format is as follows:

  {
    "note1": {
      "Meta": {"type": "clinic notes", "doctor_id": "2", "patient_id": "2"},
      "content": {"07/01/24": "He is suffering from abc disease"}
    },
    "note2": {
      "Meta": {"type": "clinic notes", "doctor_id": "1", "patient_id": "3"},
      "content": {"07/02/24": "She is suffering from xyz disease"}
    },
    "note3": {
      "Meta": {"type": "clinic notes", "doctor_id": "1", "patient_id": "1"},
      "content": {"07/03/24": "He is suffering from pqr disease"}
    }
  }

- Patient Data (patient_data.json): This JSON file contains detailed information about patients. The format is as follows:

  {
    "note1": {
      "Meta": {"type": "diagnose data", "doctor_id": "1", "patient_id": "1"},
      "content": {"Name": "Jacob Nicolson", "height": "165 cm", "weight": "145 lbs", "age": "26", "sex": "Male", "disease": "pqr"}
    },
    "note2": {
      "Meta": {"type": "diagnose data", "doctor_id": "2", "patient_id": "2"},
      "content": {"Name": "Colt Bruke", "height": "170 cm", "weight": "156 lbs", "age": "32", "sex": "Male", "disease": "abc"}
    },
    "note3": {
      "Meta": {"type": "diagnose data", "doctor_id": "1", "patient_id": "3"},
      "content": {"Name": "Eliza Walter", "height": "180 cm", "weight": "150 lbs", "age": "27", "sex": "Female", "disease": "xyz"}
    }
  }
I have implemented a Streamlit login page using this approach: [streamlit-authenticator-part-1-adding-an-authentication-component-to-your-app]. My goal is to ensure that access to these documents is restricted based on the user’s role and association:
Doctor Access: A logged-in doctor should only be able to access information where they are involved. For instance, a doctor with doctor_id: 1 should only be able to access note2 and note3 from clinic_notes.json, and note1 and note3 from patient_data.json.
Patient Access: A logged-in patient should only be able to access their own information. For example, a patient with patient_id: 2 should only be able to access note1 from clinic_notes.json and note2 from patient_data.json.
Despite trying several approaches and searching online for solutions, I haven’t found a robust method to implement this. Any ideas or assistance would be greatly appreciated.
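One way to implement the access rule described in the question, as an added example rather than code from the original post: treat each note's Meta block as an access-control label and apply a deny-by-default metadata filter before retrieval, so the prompt is only ever built from notes the logged-in user is entitled to see. The role and user id are assumed to come from the authenticated session (for example the Streamlit login), never from the chat message; the sample data is a constructed copy of the JSON in the question.

```python
# Added example (not the question's own code): role-based metadata filtering
# for a RAG pipeline. Sample data is a constructed copy of the question's JSON.
CLINIC_NOTES = {
    "note1": {"Meta": {"type": "clinic notes", "doctor_id": "2", "patient_id": "2"},
              "content": {"07/01/24": "He is suffering from abc disease"}},
    "note2": {"Meta": {"type": "clinic notes", "doctor_id": "1", "patient_id": "3"},
              "content": {"07/02/24": "She is suffering from xyz disease"}},
    "note3": {"Meta": {"type": "clinic notes", "doctor_id": "1", "patient_id": "1"},
              "content": {"07/03/24": "He is suffering from pqr disease"}},
}
PATIENT_DATA = {
    "note1": {"Meta": {"type": "diagnose data", "doctor_id": "1", "patient_id": "1"},
              "content": {"Name": "Jacob Nicolson", "disease": "pqr"}},
    "note2": {"Meta": {"type": "diagnose data", "doctor_id": "2", "patient_id": "2"},
              "content": {"Name": "Colt Bruke", "disease": "abc"}},
    "note3": {"Meta": {"type": "diagnose data", "doctor_id": "1", "patient_id": "3"},
              "content": {"Name": "Eliza Walter", "disease": "xyz"}},
}

# Which Meta field ties a note to a user of the given role. Roles not listed
# here, or notes missing the field, fall through to "no access" (deny by default).
ROLE_KEY = {"doctor": "doctor_id", "patient": "patient_id"}


def access_filter(role, user_id):
    """Metadata predicate for one authenticated user. `role` and `user_id`
    are assumed to come from the login session, not from the chat input.
    Returns None for admins, meaning no restriction."""
    if role == "admin":
        return None
    key = ROLE_KEY.get(role)
    return lambda meta: key is not None and meta.get(key) == str(user_id)


def allowed_note_ids(documents, role, user_id):
    """Ids of the notes this user may query. The filter runs on Meta before
    any content is retrieved or placed into the prompt."""
    pred = access_filter(role, user_id)
    return sorted(nid for nid, note in documents.items()
                  if pred is None or pred(note["Meta"]))


def build_context(documents, role, user_id):
    """Concatenate only the permitted notes' content for the LLM prompt."""
    parts = []
    for nid in allowed_note_ids(documents, role, user_id):
        content = documents[nid]["content"]
        parts.append(f"[{nid}] " + "; ".join(f"{k}: {v}" for k, v in content.items()))
    return "\n".join(parts)
```

The same predicate can be expressed as the metadata filter of whichever vector store holds the embeddings, so the restriction is enforced at search time rather than by post-filtering results.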