Vector databases increasingly enforce role-based access control, where each top-k approximate nearest neighbor query must return only vectors the querying role is authorized to access. Two extremes bracket the design space. A single global index built over all vectors avoids duplication but wastes search effort on unauthorized vectors and degrades recall, while an oracle index, built with all authorized vectors to the query roles, searches only authorized vectors but duplicates every shared vector between roles or queries. We present Veda and its efficient variant EffVeda, two indexing strategies built on an access-aware lattice to address access control in vector databases. The methods first partitions the dataset into disjoint data blocks by role combination, then leverage the structure of the access-aware lattice to apply copy and merge operations to group co-accessed blocks under a user-specified storage budget. Large nodes in the lattice are then indexed with HNSW, while small nodes are retained for linear scan. To facilitate query processing on the lattice, our methods construct a query plan that selects the minimal set of nodes that covers all authorized data for each role. At query time, coordinated search first queries pure (authorized-only) nodes to populate a global top-k heap, then leverages the resulting distance bound of the k-th data in the heap to prune exploration on impure nodes, avoiding the inflated search that independent per-index execution would require. Evaluations show that our methods deliver higher throughput at high recall while closely tracking the storage budget.

翻译：向量数据库日益强化基于角色的访问控制，要求每个top-k近似最近邻查询仅返回查询角色有权访问的向量。设计空间的两端存在两种极端方案：基于所有向量构建的单一全局索引虽能避免数据重复，但会浪费搜索开销在未授权向量上并降低召回率；而基于查询角色所有授权向量构建的预言索引虽仅搜索授权向量，但需复制角色间或查询间共享的每个向量。本文提出Veda及其高效变体EffVeda两种基于访问感知格结构的索引策略，用于解决向量数据库的访问控制问题。该方法首先将数据集按角色组合划分为不相交的数据块，然后利用访问感知格结构对共同访问的数据块执行复制与合并操作，在用户指定的存储预算内实现分组。格中大规模节点采用HNSW索引，小规模节点保留用于线性扫描。为支持格上的查询处理，我们构建查询计划，为每个角色选择覆盖其所有授权数据的最小节点集合。查询时，协调搜索首先检索纯（仅授权）节点以填充全局top-k堆，然后利用堆中第k个数据的距离边界剪枝不纯节点上的探索，从而避免独立逐索引执行导致的搜索膨胀。评估表明，本方法在高召回率下可实现更高吞吐量，同时紧密遵循存储预算。