Skip to main content
Multi-user mode is the architectural directive in Cognee that enforces strict data isolation between different users and datasets. It is primarily controlled by the environment variable ENABLE_BACKEND_ACCESS_CONTROL. Starting with version 0.5.0, this mode is enabled by default to ensure a “secure-by-default” posture for all deployments. To turn off multi-user mode, set the environment variable ENABLE_BACKEND_ACCESS_CONTROL=false.
Data Isolation Enforcement — When active, Cognee partitions the knowledge graph and vector stores, ensuring data created by one user is neither visible nor accessible to another, unless read permission has been given to the other user.
When multi-user mode is active, the system unlocks several multi-tenant features:
  • Isolated Search: Search operations are strictly scoped to datasets the authenticated user has explicit read access to. To learn more about the permissions system and access types, read about our Permission System.
  • Granular Management: Adding or removing documents is scoped at the dataset level, preventing global knowledge pool pollution.
  • Automatic Routing: The system automatically determines which local/cloud database or logical schema to connect to based on the dataset. This is done with the help of Dataset Database Handlers.

Permission System

Learn about the permission system that powers multi-user mode

Dataset Database Handlers

Understand database connection resolution per dataset