Fine-Grained Authorization for Secure RAG With OpenSearch

Fine-Grained Authorization for Secure RAG With OpenSearch - Juan Pablo Noreña, Canonical As Retrieval Augmented Generation (RAG) becomes the go-to solution for enterprise LLMOps adoption, a security gap has emerged: Most implementations prioritize answer precision over data governance. This creates significant information security vulnerabilities, especially in environments that require role-based access controls for sensitive information. This presentation introduces a fine-grained authorization model for an enterprise-grade RAG workflow, built using OpenSearch as the vector database. It will showcase how to implement document-level security that enforces access controls throughout the ingestion and retrieval pipelines, while maintaining precise results. Key topics include: - Implementing document-level security in OpenSearch indices. - Preserving user authorization context throughout the RAG pipeline. - Filtering retrieved chunks based on user permissions before LLM processing. - Performance optimization strategies that balance security with low latency. - A router mechanism across multiple indexes. The presentation aims to demonstrate OpenSearch’s key role in RAG applications and how its rich ecosystem of tools enhances precision and security.