pgvector
Apply RBAC, ABAC, and ReBAC policies to pgvector similarity search without modifying your Postgres schema.
Search capabilities
| Vector (ANN) | Keyword (ranked) | Keyword (filter) | Hybrid (native) | Grep (substring) | Grep (regex) |
|---|---|---|---|---|---|
Policy overhead <25ms p95. Full retrieval (vector search + policy evaluation) <50ms p95 on typical schemas.
pgvector extends PostgreSQL with native vector similarity search. Gateco connects to pgvector as a Tier 1 connector, supporting both ingestion (indexing vectors from source data) and retrieval (policy-gated similarity search).
Every retrieval query is intercepted by the Gateco policy engine before results reach your AI application. Policies can gate access based on principal groups, departments, custom attributes, or direct resource relationships (ReBAC). The PostgreSQL connection string is stored with KMS envelope encryption — it never appears in logs or API responses.
pgvector is the only connector that supports sql_view metadata resolution: Gateco reads policy-relevant metadata directly from a structured SQL view in your database, using validated identifiers (never raw SQL). This is the highest-fidelity metadata path and avoids sidecar synchronization lag.
Retroactive registration scans your existing vector table and enrolls all vector IDs as Gateco resources, so you can apply policies to data that was embedded before Gateco was deployed. No re-embedding required.
Sample search config
{
  "table": "documents",
  "embedding_column": "embedding",
  "content_column": "content",
  "metadata_columns": ["classification", "department", "owner_id"],
  "text_search_config": "english"
}
Sample policy
{
  "name": "Finance document access",
  "effect": "allow",
  "rules": [{
    "conditions": [
      {"field": "principal.groups", "operator": "contains", "value": "finance"},
      {"field": "resource.classification", "operator": "in", "value": ["internal", "public"]}
    ]
  }],
  "selectors": [{"connector_type": "pgvector"}]
}
Policy conditions reference resource.* and principal.* fields.
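The sample policy above, evaluated over constructed search hits, as an added example that is not Gateco's code. It assumes conditions within a rule are ANDed, rules are ORed, requests matching no rule are denied, and missing metadata fails closed; the function names and sample rows are hypothetical.

```python
# Added illustration, not Gateco's engine. Assumed semantics: conditions in a rule
# are ANDed, rules are ORed, and anything that matches no rule is denied.
POLICY = {
    "name": "Finance document access",
    "effect": "allow",
    "rules": [{"conditions": [
        {"field": "principal.groups", "operator": "contains", "value": "finance"},
        {"field": "resource.classification", "operator": "in",
         "value": ["internal", "public"]},
    ]}],
    "selectors": [{"connector_type": "pgvector"}],
}
_MISSING = object()
def resolve(field, principal, resource):
    """Look up 'principal.x' or 'resource.x'; anything else resolves to _MISSING."""
    scope, _, key = field.partition(".")
    return {"principal": principal, "resource": resource}.get(scope, {}).get(key, _MISSING)

def condition_holds(cond, principal, resource):
    actual = resolve(cond["field"], principal, resource)
    if actual is _MISSING or actual is None:
        return False  # fail closed: absent metadata never satisfies a condition
    if cond["operator"] == "contains":
        # Require a real collection so "finance" cannot substring-match a string.
        return isinstance(actual, (list, tuple, set)) and cond["value"] in actual
    if cond["operator"] == "in":
        return actual in cond["value"]
    return False  # unknown operator: fail closed

def is_allowed(policy, principal, resource, connector_type="pgvector"):
    if policy["effect"] != "allow":
        return False
    if not any(s.get("connector_type") == connector_type for s in policy["selectors"]):
        return False
    return any(bool(rule["conditions"]) and
               all(condition_holds(c, principal, resource) for c in rule["conditions"])
               for rule in policy["rules"])

def gate(policy, principal, hits):
    """Keep only the similarity-search hits this principal may see."""
    return [h["id"] for h in hits if is_allowed(policy, principal, h["metadata"])]

# Constructed hits, shaped after metadata_columns in the sample search config.
HITS = [
    {"id": "doc-1", "metadata": {"classification": "internal", "department": "finance"}},
    {"id": "doc-2", "metadata": {"classification": "restricted", "department": "finance"}},
    {"id": "doc-3", "metadata": {"department": "finance"}},  # no classification
    {"id": "doc-4", "metadata": {"classification": "public", "department": "hr"}},
]
```

Calling `gate(POLICY, {"groups": ["finance"]}, HITS)` drops both the restricted row and the row with no `classification` value, which is the case to check when enrolling vectors whose metadata was never populated.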
Frequently asked questions
- Does Gateco replace pgvector row-level security?
- No — they address different threat models. pgvector RLS gates access at the SQL query level inside Postgres. Gateco gates access at the retrieval layer above the database, using attribute-based and relationship-based policies that span multiple connectors. They can coexist: RLS provides a database-level backstop; Gateco provides semantic policy enforcement with a full audit trail.
- Which metadata resolution modes are available for pgvector?
- All four: sidecar (Gateco's metadata store), inline (vector payload columns), sql_view (a validated SQL view in your database — Postgres-family only), and auto (tries all three in order). sql_view gives real-time metadata from your source schema without synchronization lag.
- Do I need to re-embed my data to use Gateco?
- No. Use retroactive registration to enroll existing vectors from your pgvector table. Gateco scans the table for unregistered vector IDs and adds them as gated resources. You can then apply policies without touching your embedding pipeline.