update

Author: mattgotteiner

Quickstart-ACL/requirements.txt

@@ -6,4 +6,4 @@ requests
 msgraph-sdk
 
 --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple/
-azure-search-documents==11.6.0a20250505003
+azure-search-documents==11.6.0a20250507002

Quickstart-Document-Permissions/document-permissions.ipynb

@@ -8,9 +8,17 @@
     "## Document Permissions in Azure AI Search"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "id": "f445040a",
+   "metadata": {},
+   "source": [
+    "## 1. Load Connections"
+   ]
+  },
   {
    "cell_type": "code",
-   "execution_count": 10,
+   "execution_count": 33,
    "id": "0b40bb5b",
    "metadata": {},
    "outputs": [],
@@ -30,12 +38,21 @@
     "adls_gen2_account_name = os.getenv(\"AZURE_STORAGE_ACCOUNT_NAME\", \"documentpermissionssample\")\n",
     "adls_gen2_container_name = os.getenv(\"AZURE_STORAGE_CONTAINER_NAME\", \"documentpermissionssample\")\n",
     "adls_gen2_connection_string = os.environ[\"AZURE_STORAGE_CONNECTION_STRING\"]\n",
+    "adls_gen2_resource_id = os.environ[\"AZURE_STORAGE_RESOURCE_ID\"]\n",
     "token_provider = get_bearer_token_provider(credential, \"https://search.azure.com/.default\")"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "id": "2d46b940",
+   "metadata": {},
+   "source": [
+    "## 2. Create Index"
+   ]
+  },
   {
    "cell_type": "code",
-   "execution_count": 2,
+   "execution_count": 34,
    "id": "2f981cad",
    "metadata": {},
    "outputs": [
@@ -56,8 +73,9 @@
     "    name=index_name,\n",
     "    fields=[\n",
     "        SearchField(name=\"id\", type=\"Edm.String\", key=True, filterable=True, sortable=True),\n",
-    "        SearchField(name=\"oid\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.USER_IDS),\n",
-    "        SearchField(name=\"group\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.GROUP_IDS),\n",
+    "        SearchField(name=\"content\", type=\"Edm.String\", searchable=True, filterable=False, sortable=False),\n",
+    "        SearchField(name=\"oids\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.USER_IDS),\n",
+    "        SearchField(name=\"groups\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.GROUP_IDS),\n",
     "        SearchField(name=\"metadata_storage_path\", type=\"Edm.String\", searchable=True),\n",
     "        SearchField(name=\"metadata_storage_name\", type=\"Edm.String\", searchable=True)\n",
     "    ],\n",
@@ -68,9 +86,17 @@
     "print(f\"Index '{index_name}' created with permission filter option enabled.\")"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "id": "2b8945a2",
+   "metadata": {},
+   "source": [
+    "## 3. Create data source"
+   ]
+  },
   {
    "cell_type": "code",
-   "execution_count": 11,
+   "execution_count": 35,
    "id": "b25aaf7b",
    "metadata": {},
    "outputs": [
@@ -89,7 +115,7 @@
     "datasource = SearchIndexerDataSourceConnection(\n",
     "    name=datasource_name,\n",
     "    type=SearchIndexerDataSourceType.ADLS_GEN2,\n",
-    "    connection_string=adls_gen2_connection_string,\n",
+    "    connection_string=f\"ResourceId={adls_gen2_resource_id};\",\n",
     "    container=SearchIndexerDataContainer(name=adls_gen2_container_name),\n",
     "    indexer_permission_options=[IndexerPermissionOption.GROUP_IDS]\n",
     ")\n",
@@ -98,9 +124,80 @@
     "print(f\"Datasource '{datasource_name}' created with permission filter option enabled.\")"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "id": "ff5b912d",
+   "metadata": {},
+   "source": [
+    "## 4. Get group id"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "id": "329fe160",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msgraph import GraphServiceClient\n",
+    "client = GraphServiceClient(credentials=credential, scopes=[\"https://graph.microsoft.com/.default\"])\n",
+    "\n",
+    "groups = await client.me.member_of.get()\n",
+    "group_id = groups.value[0].id "
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "20588dc3",
+   "metadata": {},
+   "source": [
+    "## 5. Upload sample directory and file"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "id": "acd28b29",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'counters': {'directories_successful': 2, 'files_successful': 1, 'failure_count': 0}, 'continuation': None}"
+      ]
+     },
+     "execution_count": 37,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from azure.storage.filedatalake import DataLakeServiceClient\n",
+    "\n",
+    "service = DataLakeServiceClient.from_connection_string(adls_gen2_connection_string, credential=credential)\n",
+    "container = service.get_file_system_client(adls_gen2_container_name)\n",
+    "if not container.exists():\n",
+    "    container.create_file_system()\n",
+    "data_dir_client = container.get_directory_client(\"data\")\n",
+    "data_dir_client.create_directory()\n",
+    "file_client = data_dir_client.create_file(\"sample.txt\")\n",
+    "file_client.upload_data(\"This is a sample file.\", overwrite=True)\n",
+    "\n",
+    "root_dir_client = container.get_directory_client(\"/\")\n",
+    "root_dir_client.update_access_control_recursive(f\"group:{group_id}:rwx\")\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "ca6de2ad",
+   "metadata": {},
+   "source": [
+    "## 6. Run indexer"
+   ]
+  },
   {
    "cell_type": "code",
-   "execution_count": 15,
+   "execution_count": 39,
    "id": "2ce7eb5e",
    "metadata": {},
    "outputs": [
@@ -120,14 +217,76 @@
     "    target_index_name=index_name,\n",
     "    data_source_name=datasource_name,\n",
     "    field_mappings=[\n",
-    "        FieldMapping(source_field_name=\"metadata_group_ids\", target_field_name=\"group\"),\n",
-    "        FieldMapping(source_field_name=\"metadata_user_ids\", target_field_name=\"oid\"),\n",
+    "        FieldMapping(source_field_name=\"metadata_group_ids\", target_field_name=\"groups\"),\n",
+    "        FieldMapping(source_field_name=\"metadata_user_ids\", target_field_name=\"oids\"),\n",
     "    ]\n",
     ")\n",
     "\n",
     "indexer_client.create_or_update_indexer(indexer)\n",
     "print(f\"Indexer '{indexer_name}' created\")\n"
    ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "987dd496",
+   "metadata": {},
+   "source": [
+    "## 7. Search sample data using x-ms-query-source-authorization "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 43,
+   "id": "7a899da1",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Path: https://magotteiadlsgen2.blob.core.windows.net/documentpermissionssample/data/sample.txt, OID: ['none'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n"
+     ]
+    }
+   ],
+   "source": [
+    "from azure.search.documents import SearchClient\n",
+    "search_client = SearchClient(endpoint=endpoint, index_name=index_name, credential=credential)\n",
+    "\n",
+    "results = search_client.search(search_text=\"*\", x_ms_query_source_authorization=token_provider(), select=\"metadata_storage_path,oids,groups\", order_by=\"id asc\")\n",
+    "for result in results:\n",
+    "    print(f\"Path: {result['metadata_storage_path']}, OID: {result['oids']}, Group: {result['groups']}\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "c712ab8c",
+   "metadata": {},
+   "source": [
+    "## 8. Search sample data without x-ms-query-source-authorization "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 44,
+   "id": "72d203f0",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Path: https://magotteiadlsgen2.blob.core.windows.net/documentpermissionssample/data/sample.txt, OID: ['none'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n"
+     ]
+    }
+   ],
+   "source": [
+    "from azure.search.documents import SearchClient\n",
+    "search_client = SearchClient(endpoint=endpoint, index_name=index_name, credential=credential)\n",
+    "\n",
+    "results = search_client.search(search_text=\"*\", x_ms_query_source_authorization=None, select=\"metadata_storage_path,oids,groups\", order_by=\"id asc\")\n",
+    "for result in results:\n",
+    "    print(f\"Path: {result['metadata_storage_path']}, OID: {result['oids']}, Group: {result['groups']}\")"
+   ]
   }
  ],
  "metadata": {

Quickstart-Document-Permissions/requirements.txt

@@ -4,6 +4,7 @@ ipykernel
 dotenv
 requests
 msgraph-sdk
+azure-storage-file-datalake
 
 --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple/
-azure-search-documents==11.6.0a20250505003
+azure-search-documents==11.6.0a20250507002