You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Starting in 2025-05-01-preview, you can now include Rbac scope alongside document ingestion in Azure AI Search and use those permissions to control access to search results.
16
+
Starting in 2025-05-01-preview, you can now include RBAC scope alongside document ingestion in Azure AI Search and use those permissions to control access to search results.
17
17
18
18
You can use the push APIs to upload and index content and permission metadata manually see [Indexing Permissions using the push REST API](search-index-access-control-lists-and-rbac-push-api.md), or you can use an indexer to automate data ingestion. This article focuses on the indexer approach.
19
19
@@ -27,9 +27,9 @@ The indexer approach is built on this foundation:
27
27
28
28
## Prerequisites
29
29
30
-
+ Microsoft Entra ID authentication and authorization. Services and apps must be in the same tenant. Role assignments are used for each authenticated connection.
30
+
+[Microsoft Entra ID authentication and authorization](https://learn.microsoft.com/en-us/entra/identity/authentication/overview-authentication). Services and apps must be in the same tenant. Role assignments are used for each authenticated connection.
31
31
32
-
+ Azure AI Search, any region, but you must have a billable tier (basic and higher) for managed identity support. The search service must be [configured for role-based access](search-security-enable-roles.md) and it must [have a managed identity (either system or user)](search-howto-managed-identities-data-sources.md).
32
+
+ Azure AI Search, any region, but you must have a billable tier (basic and higher) see [Service limits](search-limits-quotas-capacity.md)for managed identity support. The search service must be [configured for role-based access](search-security-enable-roles.md) and it must [have a managed identity (either system or user)](search-howto-managed-identities-data-sources.md).
33
33
34
34
## Limitations
35
35
@@ -39,9 +39,7 @@ The indexer approach is built on this foundation:
39
39
40
40
### Authorization
41
41
42
-
For indexer execution, your search service identity must have **Storage Blob Data Reader** permission.
43
-
44
-
If you're testing locally, you should also have a **Storage Blob Data Reader** role assignment. For more information, see [Connect to Azure Storage using a managed identity](search-howto-managed-identities-storage.md).
42
+
For indexer execution, your search service identity must have **Storage Blob Data Reader** permission see [Connect to Azure Storage using a managed identity](search-howto-managed-identities-storage.md).
45
43
46
44
## Configure Azure AI Search for indexing permission filters
47
45
@@ -52,9 +50,7 @@ Recall that the search service must have:
52
50
53
51
### Authorization
54
52
55
-
For indexer execution, the client issuing the API call must have **Search Service Contributor** permission to create objects, **Search Index Data Contributor** permission to perform data import, and **Search Index Data Reader** to query an index.
56
-
57
-
If you're testing locally, you should have the same role assignments. For more information, see [Connect to Azure AI Search using roles](search-security-rbac.md).
53
+
For indexer execution, the client issuing the API call must have **Search Service Contributor** permission to create objects, **Search Index Data Contributor** permission to perform data import, and **Search Index Data Reader** to query an index see [Connect to Azure AI Search using roles](search-security-rbac.md).
0 commit comments