Enterprise deployments of vector databases require access control policies to protect sensitive data. These systems often implement access control through hybrid vector queries that combine nearest-neighbor search with relational predicates based on user permissions. However, existing approaches face a fundamental trade-off: dedicated per-user indexes minimize query latency but incur high memory redundancy, while shared indexes with post-search filtering reduce memory overhead at the cost of increased latency. This paper introduces HONEYBEE, a dynamic partitioning framework that leverages the structure of Role-Based Access Control (RBAC) policies to create a smooth trade-off between these extremes. RBAC policies organize users into roles and assign permissions at the role level, creating a natural ``thin waist`` in the permission structure that is ideal for partitioning decisions. Specifically, HONEYBEE produces overlapping partitions where vectors can be strategically replicated across different partitions to reduce query latency while controlling memory overhead. To guide these decisions, HONEYBEE develops analytical models of vector search performance and recall, and formulates partitioning as a constrained optimization problem that balances memory usage, query efficiency, and recall. Evaluations on RBAC workloads demonstrate that HONEYBEE achieves up to 13.5X lower query latency than row-level security with only a 1.24X increase in memory usage, while achieving comparable query performance to dedicated, per-role indexes with 90.4% reduction in additional memory consumption, offering a practical middle ground for secure and efficient vector search.

翻译：企业级向量数据库部署需要访问控制策略来保护敏感数据。这些系统通常通过混合向量查询实现访问控制，将最近邻搜索与基于用户权限的关系谓词相结合。然而，现有方法面临一个根本性的权衡：专用单用户索引虽能最小化查询延迟，却导致较高的内存冗余；而采用后搜索过滤的共享索引虽能降低内存开销，却以增加延迟为代价。本文提出HONEYBEE动态分区框架，该框架利用基于角色的访问控制（RBAC）策略的结构，在上述两种极端方案之间实现平滑权衡。RBAC策略将用户组织为角色并在角色层级分配权限，在权限结构中形成天然的"细腰"层，这为分区决策提供了理想依据。具体而言，HONEYBEE生成重叠分区，通过策略性地将向量复制到不同分区来降低查询延迟，同时控制内存开销。为引导此类决策，HONEYBEE建立了向量搜索性能与召回率的分析模型，并将分区问题形式化为平衡内存使用、查询效率与召回率的约束优化问题。在RBAC工作负载上的评估表明：相较于行级安全方案，HONEYBEE在仅增加1.24倍内存使用的情况下实现最高13.5倍的查询延迟降低；与专用角色索引相比，在保持相当查询性能的同时额外内存消耗减少90.4%，为安全高效的向量搜索提供了实用的折中方案。