Authorizing access to data with RAG implementations
Part of:Context Engineering
The cloud-vendor recipe, with working code. The operating assumption is the right one: any chunk passed to the model can be returned to the user, so chunks are filtered against the caller's access grants before the model ever sees them. Published the same day as the participant-aware access control paper, and effectively that argument implemented: authorisation as a deterministic precondition enforced at retrieval, not a filter applied after generation.