Commit 3eb94b9

Edit pass picked up typos
1 parent cf66310 commit 3eb94b9

3 files changed

+6
-5
lines changed

articles/search/search-document-level-access-overview.md

Lines changed: 2 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -55,7 +55,8 @@ For any content that's secured through ACLs, we recommend group access IDs over
5555
Your client app has read permissions to the index via **Search Index Data Reader**, but user or group permission metadata on indexed content determines access at query time. Queries that include a permission filter pass a user or group token as `x-ms-query-source-authorization` in the request header. When you use permission filters at query time, Azure AI Search checks for 2 things:
5656

5757
- First, it checks for **Search Index Data Reader** permission that allows your client application to access the index.
58-
-Second, given the extra token on the request, it checks for user or group permissions on documents that are returned in search results.
58+
59+
-Second, given the extra token on the request, it checks for user or group permissions on documents that are returned in search results, excluding any that don't match.
5960

6061
To get permission metadata into the index, you can use the push model API, pushing any JSON documents to the search index, where the payload includes a string field providing POSIX-like ACLs for each document. The important difference between this approach and security trimming is that the permission filter metadata in the index and query is recognized as Microsoft Entra ID authentication, whereas the security trimming workaround is simple string comparison. Also, you can use the Graph SDK to retrieve the identities.
6162
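
Review bot: in the added second bullet (new line 59), "excluding any that don't match" has an unclear antecedent: "any" can be read as permissions or as documents, and "match" has no object. Suggest naming both, for example "and excludes documents whose permission metadata doesn't match the identity in the token." The diff also counts two additions for one deletion and new line 58 appears to be empty, which would put a blank line between the two bullets; drop it if it is unintended. Because the commit message describes a typo pass, it is worth calling out in the message that this line adds a statement about result trimming rather than fixing a typo.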

articles/search/search-index-access-control-lists-and-rbac-push-api.md

Lines changed: 3 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -13,7 +13,7 @@ ms.author: admayber
1313

1414
[!INCLUDE [Feature preview](./includes/previews/preview-generic.md)]
1515

16-
Indexing documents, along with their associated [Access Control Lists (ACLs)](/azure/storage/blobs/data-lake-storage-access-control) and container [Role-Based Access Control (RBAC) roles](/azure/role-based-access-control/overview), into an Azure AI Search index via the [push REST APIs](/rest/api/searchservice/documents/?view=rest-searchservice-2025-05-01-preview&preserve-view=true) preserves document-level permission on indexed content.
16+
Indexing documents, along with their associated [Access Control Lists (ACLs)](/azure/storage/blobs/data-lake-storage-access-control) and container [Role-Based Access Control (RBAC) roles](/azure/role-based-access-control/overview), into an Azure AI Search index via the [push REST APIs](/rest/api/searchservice/documents/?view=rest-searchservice-2025-05-01-preview&preserve-view=true) preserves document-level permission on indexed content at query time.
1717

1818
Key features include:
1919
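
Review bot: on new line 16, appending "at query time" makes the sentence say that indexing preserves permissions at query time, which mixes the two phases. Indexing stores the permission metadata, and the overview article in this commit places enforcement at query time. Suggest "preserves document-level permissions on indexed content so that they can be enforced at query time", which also fixes the singular "permission".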

@@ -29,7 +29,7 @@ This article explains how to use the push REST API to index document-level permi
2929

3030
- Preview REST API version [2025-05-01-preview](/rest/api/searchservice/documents/?view=rest-searchservice-2025-05-01-preview&preserve-view=true) or a preview Azure SDK package providing equivalent features.
3131

32-
- An index schema with a `permissionFilterOption` enabled, plus `permissionFilter` field attributes that hold the RBAC or ACL metadata.
32+
- An index schema with a `permissionFilterOption` enabled, plus `permissionFilter` field attributes that store the permissions associated with the document.
3333

3434
## Limitations
3535
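
Review bot: on new line 32, "store the permissions associated with the document" drops the RBAC and ACL terms that the rest of this article relies on (the Limitations bullets in the next hunk refer to "built-in ACLs or RBAC metadata filtering" and to `rbacScope`). Suggest keeping them, for example "that store the ACL or RBAC permission metadata for each document". The unchanged "a `permissionFilterOption` enabled" on the same line would also read better as "with `permissionFilterOption` enabled".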

@@ -39,7 +39,7 @@ This article explains how to use the push REST API to index document-level permi
3939

4040
- A preexisting field can't be converted into a `permissionFilter` field type for use with built-in ACLs or RBAC metadata filtering. To enable filtering on an existing index, new fields must be created with the correct permission filter type.
4141

42-
- Only one field of each `permissionFilter` type (one each of `groupIds`, `usersIds`, and `rbacScope`), can exist in an index.
42+
- Only one field of each `permissionFilter` type (one each of `groupIds`, `usersIds`, and `rbacScope`) can exist in an index.
4343

4444
## Create an index with permission filter fields
4545
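
Review bot: the comma removal on line 42 is fine, but the same line still lists `usersIds`, while the hunk header for search-query-access-control-rbac-enforcement.md in this commit spells it `userIds`. Since this is a typo pass, confirm which spelling the API accepts and make the articles agree; a value copied from the docs with the wrong spelling will not define the intended permission filter field.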

articles/search/search-query-access-control-rbac-enforcement.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -61,7 +61,7 @@ The security filter efficiently matches the userIds, groupIds, and rbacScope fro
6161

6262
## Query example
6363

64-
Here's an example of a query request from [sample code](https://github.com/Azure-Samples/azure-search-rest-samples/tree/main/Quickstart-ACL). The query token is passed in the request header. THe query token is the personal access token of a user or a group identity.
64+
Here's an example of a query request from [sample code](https://github.com/Azure-Samples/azure-search-rest-samples/tree/main/Quickstart-ACL). The query token is passed in the request header. The query token is the personal access token of a user or a group identity behind the request.
6565

6666
```http
6767
POST {{endpoint}}/indexes/stateparks/docs/search?api-version=2025-05-01-preview
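
Review bot: on new line 64, "personal access token" is not the term the overview article in this commit uses; that file describes "a user or group token" passed as `x-ms-query-source-authorization`. Suggest using one term across the articles and naming the header here, so readers know exactly which credential drives document-level trimming. "a group identity behind the request" also leaves it unclear whether "behind the request" applies to the user as well, and the two consecutive sentences starting with "The query token" can be merged, for example "The query token, which identifies the user or group behind the request, is passed in the `x-ms-query-source-authorization` request header."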
