<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Aws on Sachin Chavan</title>
    <link>https://sachinsmc.me/blog/tags/aws/</link>
    <description>Recent content in Aws on Sachin Chavan</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Sat, 20 Jun 2026 12:00:00 +0400</lastBuildDate>
    <atom:link href="https://sachinsmc.me/blog/tags/aws/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Every Retrieval Is an Authorization Decision: Multi-Tenant RAG Done Safely</title>
      <link>https://sachinsmc.me/blog/posts/multi-tenant-rag-authorization-boundary/</link>
      <pubDate>Sat, 20 Jun 2026 12:00:00 +0400</pubDate>
      <guid>https://sachinsmc.me/blog/posts/multi-tenant-rag-authorization-boundary/</guid>
      <description>In a single-tenant RAG you trust the index. In a multi-tenant one, a shared index plus one missing filter leaks Tenant A&amp;rsquo;s documents into Tenant B&amp;rsquo;s answer. Here is the unified mental model that ties the metadata-filtering mechanics and the authorization layer together, treat the tenant filter as a policy decision, not app code, with the same architecture mapped across AWS, Azure, and Google Cloud (diagrams and Python included).</description>
    </item>
  </channel>
</rss>
