Enterprise deployments of vector databases require access control policies to protect sensitive data. These systems often implement access control through hybrid vector queries that combine nearest-neighbor search with relational predicates based on user permissions. However, existing approaches face a fundamental trade-off: dedicated per-user indexes minimize query latency but incur high memory redundancy, while shared indexes with post-search filtering reduce memory overhead at the cost of increased latency. This paper introduces HONEYBEE, a dynamic partitioning framework that leverages the structure of Role-Based Access Control (RBAC) policies to create a smooth trade-off between these extremes. RBAC policies organize users into roles and assign permissions at the role level, creating a natural ``thin waist" in the permission structure that is ideal for partitioning decisions. Specifically, HONEYBEE produces overlapping partitions where vectors can be strategically replicated across different partitions to reduce query latency while controlling memory overhead. To guide these decisions, HONEYBEE develops analytical models of vector search performance and recall, and formulates partitioning as a constrained optimization problem that balances memory usage, query efficiency, and recall. Evaluations on RBAC workloads demonstrate that HONEYBEE achieves up to 13.5X lower query latency than row-level security with only a 1.24X increase in memory usage, while achieving comparable query performance to dedicated, per-role indexes with 90.4% reduction in additional memory consumption, offering a practical middle ground for secure and efficient vector search.

翻译：企业级向量数据库部署需要访问控制策略来保护敏感数据。这些系统通常通过混合向量查询实现访问控制，该查询将最近邻搜索与基于用户权限的关系谓词相结合。然而，现有方法面临一个根本性的权衡：专用用户索引能最小化查询延迟但带来高内存冗余，而采用后搜索过滤的共享索引虽能降低内存开销却以增加延迟为代价。本文提出HONEYBEE，一种动态分区框架，该框架利用基于角色的访问控制（RBAC）策略的结构，在上述两种极端方案之间实现平滑权衡。RBAC策略将用户组织为角色并在角色级别分配权限，从而在权限结构中形成一个天然的“细腰”层，这为分区决策提供了理想依据。具体而言，HONEYBEE生成重叠分区，其中向量可被策略性地复制到不同分区以降低查询延迟，同时控制内存开销。为引导这些决策，HONEYBEE建立了向量搜索性能与召回率的分析模型，并将分区问题形式化为平衡内存使用、查询效率与召回率的约束优化问题。在RBAC工作负载上的评估表明，HONEYBEE相比行级安全方案可实现高达13.5倍的查询延迟降低，而内存使用仅增加1.24倍；同时，在达到与专用角色索引相当查询性能的前提下，额外内存消耗减少90.4%，为安全高效的向量搜索提供了实用的中间方案。