You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/search/search-query-acls-rbac-enforcement.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,11 +11,11 @@ ms.author: magottei
11
11
12
12
# Query-Time ACL and RBAC Enforcement in Azure AI Search
13
13
14
-
Query-time access control ensures that users only retrieve search results they are authorized to access, based on their identity, group memberships, roles, or attributes. This functionality is essential for secure enterprise search and compliance-driven workflows.
14
+
Query-time access control ensures that users only retrieve search results they're authorized to access, based on their identity, group memberships, roles, or attributes. This functionality is essential for secure enterprise search and compliance-driven workflows.
15
15
16
16
## Requirements
17
17
- Azure Data Lake Storage (ADLS) Gen2 data source configured ACLs and/or RBAC roles at container level, or permissions manually pushed into the index.
18
-
- Configure document ACL and RBAC role functionality as required using Azure AI Search [built-in indexers](search-indexer-acls-rbac.md) or when indexing the documents [using the API directly](search-indexing-acls-rbac-push-api.md).
18
+
- Configure document ACL and RBAC role functionality as required using Azure AI Search [built-in indexers](search-indexer-access-control-lists-and-role-based-access.md) or when indexing the documents [using the API directly](search-index-access-control-lists-and-rbac-push-api.md).
19
19
20
20
21
21
## How query-time enforcement works
@@ -35,7 +35,7 @@ The end-user application sends user permission as part of the search query reque
35
35
Azure AI Search dynamically constructs security filters based on the user permissions provided. These security filters are automatically appended to any filters that might come in with the query if the index has the permission filter option enabled.
36
36
37
37
### 3. Results Filtering
38
-
The security filter efficiently matches the userIds, groupIds and rbacScope from the user against each list of ACLs in every document in the search index to limit the results returned to ones the user has access to. It's important to note that each filter is applied indepdendently and a document is considered authorized if any filter succeeds. For example, if a user has access to a document through userIds but not through groupIds, the document is still considered valid and returned to the user.
38
+
The security filter efficiently matches the userIds, groupIds, and rbacScope from the user against each list of ACLs in every document in the search index to limit the results returned to ones the user has access to. It's important to note that each filter is applied independently and a document is considered authorized if any filter succeeds. For example, if a user has access to a document through userIds but not through groupIds, the document is still considered valid and returned to the user.
39
39
40
40
---
41
41
@@ -47,4 +47,4 @@ The security filter efficiently matches the userIds, groupIds and rbacScope from
47
47
48
48
## Next steps
49
49
*[How to Index Permission Information](tutorial-adls-gen2-indexer-acls.md) provides a detailed walkthrough of how to set up an index with ACLs using Azure Search indexers.
50
-
*[Indexing ACLs and RBAC using Push API in Azure AI Search](search-indexing-acls-rbac-push-api.md) provides a walkthrough of how to setup an index with ACLs using the push API.
50
+
*[Indexing ACLs and RBAC using Push API in Azure AI Search](search-index-access-control-lists-and-rbac-push-api.md) provides a walkthrough of how to set up an index with ACLs using the push API.
0 commit comments