Organizations are increasingly leveraging Retrieval-Augmented Generation (RAG) to enhance customer interactions through AI-powered tools like chatbots. RAG combines large language models (LLMs) with external knowledge bases, allowing for more accurate and contextual responses by integrating proprietary data. However, the article highlights significant concerns regarding data privacy. Many organizations fear that adding context to prompts could expose sensitive information, as LLMs do not inherently implement authorization. To address this, the article emphasizes the importance of robust authorization mechanisms. Unlike traditional search engines that verify access at the data source level, RAG implementations often bypass these checks. This creates risks, especially since vector databases might not sync permission changes immediately. Organizations need a method where permissions are verified directly through the data source before any data is returned. This ensures that any changes in access rights are reflected in real-time. The article provides a detailed example using Amazon S3 Access Grants in conjunction with Amazon Bedrock Knowledge Bases. It outlines a scenario involving an organization with various teams, each having specific access rights. Users are categorized by their groups, and files can be tagged as highly confidential to restrict access. The process involves users authenticating through an identity provider, after which the application verifies their permissions against the S3 Access Grants before querying the knowledge base. Only authorized data is sent to the LLM for processing, effectively maintaining data security while using generative AI tools.