
May 4, 2025 - 09:56
Access Granted!! Here's the recipe behind my AI DMS

This is a submission for the Permit.io Authorization Challenge: AI Access Control

 

Hey there,
Welcome back! This is my 2nd entry for the Permit.io Authorization Challenge. (If you want to see the 1st one, here's the link: https://dev.to/rohan_sharma/access-control-handled-heres-how-i-built-my-dms-212)

This project is not that different from the last one. It's still a document management system, but it now has more powerful features and configurations.

Welcome to Radhika's AI DocManager

This project demonstrates how to implement fine-grained authorization for both users and AI agents in a Next.js application using Permit.io. It's a document management system where users can create, view, edit, and delete documents based on their roles and document ownership, and AI agents can assist with document management based on their assigned permissions.

Features

1️⃣ User Authorization

  • Role-Based Access Control (RBAC): Different roles (Admin, Editor, Viewer) have different permissions
  • Attribute-Based Access Control (ABAC): Document owners have special privileges
  • Fine-Grained Authorization: Using Permit.io to implement complex authorization rules

2️⃣ AI Authorization

  • AI Agent Roles: Define different AI agent roles with specific capabilities
  • Permission Levels: Configure what AI agents can access and modify
    • No Access: AI agent cannot access the resource at all
    • Read Only: AI agent can only read but not modify resources
    • Suggest Only: AI can suggest changes that require human approval
    • Full Access: AI has full access to read and modify resources
  • Approval Workflows: Require human approval for sensitive AI operations
  • Audit and Monitoring: Track all AI actions and approvals

3️⃣ Document Intelligence

  • Document Analysis: AI-powered analysis of document content and structure
  • Document Summarization: Generate concise summaries of documents
  • Content Improvement: AI suggestions for improving document content

 

Demo

Project Repo

Github Repo: https://github.com/RS-labhub/AI_DOCUMENT_MANAGEMENT_SYSTEM

Documentation: https://rs-labhub.github.io/AI_DOCUMENT_MANAGEMENT_SYSTEM/

 

My Journey

As I said in the last blog, it was quite difficult to create a DMS (document management system), as there is so much brainstorming behind it.

Anyway, thanks to Permit.io for saving me a lot of time while creating policies. It's easy to use, and enough to say goodbye to the old approach where we struggled to write all the authorization code by hand.

I used Permit.io to achieve these things:

  • Role-Based Access Control or RBAC
  • Attribute-Based Access Control or ABAC

I also implemented the roles the AI should have; both RBAC and ABAC are used here. I used GROQ Cloud for fast LLM inference and OpenAI compatibility.

Overall, building this project was a fun experience.

If you want to see the whole Permit.io implementation, please read the project's README file!

 

Authorization for AI Applications with Permit.io


Authorization Model

User Authorization

The application implements the following user authorization model:

  • Admin: Can create, view, edit, and delete any document, and access the admin panel
  • Editor: Can create, view, and edit documents, but can only delete their own documents
  • Viewer: Can only view documents

Additionally, document owners have full control over their own documents regardless of their role.

AI Authorization


The application implements the following AI authorization model:

  • AI Agent Roles:
    • Assistant: Helps with document organization and basic tasks
    • Editor: Can edit and improve document content
    • Analyzer: Analyzes document content and provides insights
  • AI Capabilities:
    • read_documents: Ability to read document content
    • suggest_edits: Ability to suggest edits to documents
    • edit_documents: Ability to directly edit documents
    • create_documents: Ability to create new documents
    • delete_documents: Ability to delete documents
    • analyze_content: Ability to analyze document content
    • summarize_content: Ability to summarize documents
    • translate_content: Ability to translate documents
    • generate_content: Ability to generate new content
  • Permission Levels:
    • NO_ACCESS: AI agent cannot access the resource at all
    • READ_ONLY: AI agent can only read but not modify resources
    • SUGGEST_ONLY: AI can suggest changes that require human approval
    • FULL_ACCESS: AI has full access to read and modify resources

 

Implementation Details

AI Authorization Implementation

The application implements AI authorization through several key components:

1. AI Agent Management

The AIAgent interface defines the structure of AI agents:

export interface AIAgent {
  id: string;
  name: string;
  description: string;
  role: AIAgentRole;
  capabilities: AICapability[];
  createdBy: string;
  createdAt: string;
  updatedAt: string;
  isActive: boolean;
}

Administrators can manage AI agents through the admin panel, defining their roles and capabilities.

2. Permission Levels

The AIPermissionLevel enum defines the different levels of access that AI agents can have:

export enum AIPermissionLevel {
  NO_ACCESS = "no_access",
  READ_ONLY = "read_only",
  SUGGEST_ONLY = "suggest_only",
  FULL_ACCESS = "full_access",
}

3. AI Actions

The AIAction interface defines the structure of actions that AI agents can perform:

export interface AIAction {
  id: string;
  agentId: string;
  actionType: string;
  resourceType: string;
  resourceId: string;
  status: AIActionStatus;
  requestedAt: string;
  completedAt?: string;
  requestedBy: string;
  approvedBy?: string;
  rejectedBy?: string;
  metadata: Record<string, any>;
  result?: any;
}

4. Permission Checking

The checkAIPermission function checks if an AI agent has permission to perform an action:

export function checkAIPermission(
  agentId: string,
  action: string,
  resourceType: string,
  resourceId?: string
): {
  permitted: boolean;
  requiresApproval: boolean;
  permissionLevel: AIPermissionLevel;
} {
  // Implementation details...
}

5. Approval Workflow

The application implements an approval workflow for AI actions that require human oversight:

export async function requestAIAction(
  agentId: string,
  actionType: string,
  resourceType: string,
  resourceId: string,
  documentTitle: string,
  documentContent: string,
  metadata: Record<string, any>
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function approveAIAction(
  actionId: string,
  userId: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function rejectAIAction(
  actionId: string,
  userId: string,
  reason?: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

Integration with Permit.io

The application integrates with Permit.io through the permit.ts file, which provides functions for checking permissions:

import { Permit } from 'permitio';

// Initialize the Permit SDK; the PDP URL and API token come from the environment
const permit = new Permit({
  pdp: process.env.PERMIT_PDP_URL,
  token: process.env.PERMIT_SDK_TOKEN,
});

// Check if a user can perform an action on a resource.
// Resource attributes (for example the document's owner) are passed under
// `attributes` so the PDP can evaluate the ABAC owner rules.
export async function checkPermission(
  userId: string,
  action: string,
  resourceType: string,
  resourceAttributes: Record<string, any> = {}
): Promise<boolean> {
  try {
    const permitted = await permit.check(userId, action, {
      type: resourceType,
      attributes: resourceAttributes,
    });
    return permitted;
  } catch (error) {
    // Fail closed: an unreachable or failing PDP denies the action
    console.error('Permission check failed:', error);
    return false;
  }
}

 

Conclusion

This project demonstrates how to implement fine-grained authorization for both users and AI agents in a Next.js application using Permit.io. By externalizing authorization, we can create more secure, maintainable, and flexible applications that can safely leverage AI capabilities while maintaining appropriate controls.

Please try to run it locally on your machine and let me know your feedback!

Thank you for taking the time to read this blog. I hope you enjoyed it. Your support means the world to me. Thank youuuuuuuuuuuuuuuuu! ❣️