Skip to content

Test Permissions

⏱️ Estimated time: 5 minutes

One of the biggest concerns in enterprise AI is security: "Will Glean show people things they shouldn't see?" The answer is no — and you can prove it right now with your two personas.

Glean enforces the exact same permissions as the underlying source apps. If a document is restricted in SharePoint, it's restricted in Glean. If a Confluence space is private to Engineering, Sales can't see it.

Step 1 — Log In as Persona 1

Sign in with your first persona (let's say they're in Engineering).

Search for: product roadmap

Note the results that appear — you should see engineering-specific documents from the Engineering Confluence space, Engineering SharePoint site, and relevant Teams channels.

Take a screenshot

Capture the results page so you can compare it side-by-side with Persona 2's results.

Step 2 — Log In as Persona 2

Open a separate browser profile or incognito window and sign in with your second persona (let's say they're in Sales).

Search for the exact same query: product roadmap

Step 3 — Compare the Results

You should immediately notice:

  • Different results — Persona 2 sees Sales-relevant content (e.g. customer-facing roadmap decks, Sales Confluence space content) rather than internal Engineering documents
  • Missing results — Documents that appeared for Persona 1 (e.g. engineering sprint plans, internal architecture docs) will not appear for Persona 2 at all
  • Same platform, different views — both personas are using the same Glean instance, but their experience is entirely shaped by their permissions

More Things to Try

Action What to Expect
Persona 1 (Engineering): Search Jira or sprint Returns Jira tickets and engineering content
Persona 2 (Sales): Search Jira or sprint Returns fewer or no results (Sales doesn't have Jira access)
Either persona: Search for the other persona's name You'll see their people card, but not their private documents
Upload a file to Persona 1's OneDrive (private) Persona 2 cannot see it in search

This only works with content that has actual permission differences

Company-wide content (e.g. all-hands announcements, public SharePoint sites) will appear for both personas. The permission differences are most visible with department-specific content in Teams, SharePoint, Confluence, and Jira.

What to Notice

  • Permissions are enforced in real-time — there's no delay or "eventual consistency." If a document is restricted, it's immediately invisible to unauthorized personas
  • This applies to AI features too — Glean Assistant will never cite a document your persona doesn't have access to. Try asking both personas the same question in Assistant and compare the cited sources
  • No admin configuration needed — Glean reads permissions directly from the source apps. There's nothing to set up or maintain

Why this matters

Permission enforcement is the #1 enterprise requirement for AI platforms. Glean doesn't just claim to respect permissions — you can see it working in real-time by comparing your two personas. This is the proof point your security and compliance teams will want to see.