Comment by Weves

Great question! Right now, our access control is very basic. When admins setup connectors to other apps, all documents indexed are accessible by all (meant to be public documents only). Individual users can index private documents by providing their own access tokens for connectors, and those docs will be only available to the user who owns that access token. Improving this is a high priority item for us, as we understand this is a deal-breaker for enterprises.

The immediate plan is to extend our current poll / push based connectors to also grab access information (+ add IdP integrations for cross-app identity). There will be some delay to grab access updates, which will be combatted by the dynamic check with the app / IdP itself at query time that you mentioned (still investigating exactly how this will work).

We are also considering adding support for group based access defined within Danswer itself for sources that don't provide APIs to get access information (default being all-public if not specified). Of course, for these, we will not be able to sync permissions.