Question
Design the retrieval and permissioning layer of an enterprise RAG assistant over a company's internal documents (wikis, tickets, code, chat) where the killer requirement is that the assistant must NEVER surface content a given user isn't allowed to see — and permissions change constantly (someone leaves a team, a doc is reshared). Corpus is ~50M chunks across heterogeneous sources with different ACL models. Walk through how you enforce per-user authorization on retrieval, how you keep chunking/retrieval quality high across such varied content, and how you evaluate that the system is both helpful and never leaking.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.