Prompt Guard Feature

RBAC for AI - Context-aware access control

Control what sensitive data each role can access through AI queries. 13 data domains, priority-based rules, full audit logging.

RBAC adjusts the risk score based on user role. The same query can be legitimate for HR but suspicious for a regular employee.

Try RBAC Basic - CHF 299/mo Contact for Enterprise

Business & Enterprise

Full audit logging

IAM intégration

Important: RBAC is a Prompt Guard Feature

Adlibo does not manage your users. Your application sends role context via HTTP headers, and Prompt Guard uses this information to adjust its scoring. RBAC is NOT included in DataShield.

Your App

X-User-Role: HR_MANAGER

Prompt Guard

Adjusted score

How Does RBAC Work?

Configuré your roles

Define your organization's roles and the data domains each role can access.

Send context

Your application adds HTTP headers (X-User-Role, X-User-Department) to each API request.

Contextual scoring

Prompt Guard automatically adjusts the risk score based on role and query.

Smart decision

The same query can be allowed for HR but blocked for a regular employee.

Example: Same Query, Different Results

RBAC scoring considers the user's role to déterminé if a query is legitimate or suspicious.

Analyzed query

"Show me Jean Dupont's salary"

HR_MANAGER

Allowed

EMPLOYEE

Blocked

IT_ADMIN

Warning

Choose Your RBAC Level

RBAC is available in Business and Enterprise plans of Prompt Guard.

RBAC Basic

Business Plan

CHF 299/mo

Your application sends the role via HTTP headers. Prompt Guard adjusts scoring based on context.

4 data domains (PII, Financial, HR, Code)
Exact match role patterns
HTTP headers (X-User-Role, X-User-Department)
30-day audit trail

Choose Business

Full

RBAC Enterprise

Enterprise Plan

Custom

Automatic role sync from your IAM. Headers are injected automatically.

13 protected data domains
Wildcard patterns (HR_*, ADMIN_*)
Native AD / Okta / LDAP sync
90+ day audit trail
Automatic SIEM alerts

Contact Sales

Feature	Business	Enterprise
Data domains	4	13
Role patterns	Exact match	Wildcards (*)
IAM intégration	Headers HTTP	AD / Okta / LDAP
Audit trail	30 days	90+ days
SIEM intégration	-	Splunk, Elastic, Datadog

13 Protected Data Domains

Define precisely which data types each role can query through AI.

PII_DATA

Personal data

FINANCIAL_DATA

Financial data

HR_RECORDS

HR records

CODE_ACCESS

Source code

HEALTH_INFO

Health (HIPAA)

LEGAL_DOCS

Légal docs

CLIENT_DATA

Client data

CREDENTIALS

Credentials

SECURITY_INFO

Security info

SYSTEM_CONFIG

System config

STRATEGIC_PLANS

Strategic plans

COMMUNICATION

Communications

RESEARCH_IP

Research IP

Business (4 domains)Enterprise only (9 domains)

Simple Intégration

Simply add HTTP headers to your existing API calls.

rbac-intégration.ts

import { Adlibo } from '@adlibo/sdk';

const adlibo = new Adlibo('al_live_xxx');

// Add role context to your API calls
const result = await adlibo.analyze(userInput, {
  headers: {
    'X-User-Role': 'HR_MANAGER',
    'X-User-Department': 'Human Resources',
    'X-User-Groups': 'hr-team,payroll-access',
    'X-User-Email': 'manager@company.com'
  }
});

// Score is adjusted based on role context
if (result.safe) {
  // HR can access salary data
  await sendToLLM(userInput);
} else {
  // Access denied based on role
  console.log(`Blocked: ${result.severity}`);
  console.log(`Risk Score: ${result.riskScore}`);
}

Protect Your Sensitive Data with RBAC

Start with RBAC Basic in the Business plan, or contact us for RBAC Enterprise with full IAM intégration.

Start with Business Request Enterprise Démo

Prompt Guard

Prompt Guard Feature

RBAC for AI - Context-aware access control

Control what sensitive data each role can access through AI queries. 13 data domains, priority-based rules, full audit logging.

RBAC adjusts the risk score based on user role. The same query can be legitimate for HR but suspicious for a regular employee.

Try RBAC Basic - CHF 299/mo Contact for Enterprise

Business & Enterprise

Full audit logging

IAM intégration

Important: RBAC is a Prompt Guard Feature

Adlibo does not manage your users. Your application sends role context via HTTP headers, and Prompt Guard uses this information to adjust its scoring. RBAC is NOT included in DataShield.

Your App

X-User-Role: HR_MANAGER

Prompt Guard

Adjusted score

How Does RBAC Work?

Configuré your roles

Define your organization's roles and the data domains each role can access.

Send context

Your application adds HTTP headers (X-User-Role, X-User-Department) to each API request.

Contextual scoring

Prompt Guard automatically adjusts the risk score based on role and query.

Smart decision

The same query can be allowed for HR but blocked for a regular employee.

Example: Same Query, Different Results

RBAC scoring considers the user's role to déterminé if a query is legitimate or suspicious.

Analyzed query

"Show me Jean Dupont's salary"

HR_MANAGER

Allowed

EMPLOYEE

Blocked

IT_ADMIN

Warning

Choose Your RBAC Level

RBAC is available in Business and Enterprise plans of Prompt Guard.

RBAC Basic

Business Plan

CHF 299/mo

Your application sends the role via HTTP headers. Prompt Guard adjusts scoring based on context.

4 data domains (PII, Financial, HR, Code)
Exact match role patterns
HTTP headers (X-User-Role, X-User-Department)
30-day audit trail

Choose Business

Full

RBAC Enterprise

Enterprise Plan

Custom

Automatic role sync from your IAM. Headers are injected automatically.

13 protected data domains
Wildcard patterns (HR_*, ADMIN_*)
Native AD / Okta / LDAP sync
90+ day audit trail
Automatic SIEM alerts

Contact Sales

Feature	Business	Enterprise
Data domains	4	13
Role patterns	Exact match	Wildcards (*)
IAM intégration	Headers HTTP	AD / Okta / LDAP
Audit trail	30 days	90+ days
SIEM intégration	-	Splunk, Elastic, Datadog

13 Protected Data Domains

Define precisely which data types each role can query through AI.

PII_DATA

Personal data

FINANCIAL_DATA

Financial data

HR_RECORDS

HR records

CODE_ACCESS

Source code

HEALTH_INFO

Health (HIPAA)

LEGAL_DOCS

Légal docs

CLIENT_DATA

Client data

CREDENTIALS

Credentials

SECURITY_INFO

Security info

SYSTEM_CONFIG

System config

STRATEGIC_PLANS

Strategic plans

COMMUNICATION

Communications

RESEARCH_IP

Research IP

Business (4 domains)Enterprise only (9 domains)

Simple Intégration

Simply add HTTP headers to your existing API calls.

rbac-intégration.ts

import { Adlibo } from '@adlibo/sdk';

const adlibo = new Adlibo('al_live_xxx');

// Add role context to your API calls
const result = await adlibo.analyze(userInput, {
  headers: {
    'X-User-Role': 'HR_MANAGER',
    'X-User-Department': 'Human Resources',
    'X-User-Groups': 'hr-team,payroll-access',
    'X-User-Email': 'manager@company.com'
  }
});

// Score is adjusted based on role context
if (result.safe) {
  // HR can access salary data
  await sendToLLM(userInput);
} else {
  // Access denied based on role
  console.log(`Blocked: ${result.severity}`);
  console.log(`Risk Score: ${result.riskScore}`);
}

Protect Your Sensitive Data with RBAC

Start with RBAC Basic in the Business plan, or contact us for RBAC Enterprise with full IAM intégration.

Start with Business Request Enterprise Démo