Skip to content

Commit c3332ec

Browse files
mattgotteinermattgotteiner
committed
update
1 parent 3973b26 commit c3332ec

File tree

1 file changed

+11
-1
lines changed

1 file changed

+11
-1
lines changed

articles/search/search-indexer-access-control-lists-and-role-based-access.md

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -288,5 +288,15 @@ Choose one of the following mechanisms, depending on how many items changed:
288288

289289
## Deletion tracking
290290

291-
To effectively manage blob deletion, ensure that you have enabled [deletion tracking](search-howto-index-changed-deleted-blobs.md) before your indexer runs for the first time. This feature allows the system to detect deleted blobs from your source and have them deleted from the index.
291+
To effectively manage blob deletion, ensure that you have enabled [deletion tracking](search-howto-index-changed-deleted-blobs.md) before your indexer runs for the first time. This feature allows the system to detect deleted blobs from your source and have them deleted from the index.
292292

293+
## Supported ADLS Gen2 permission features
294+
295+
This section compares document-level access control features between ADLS Gen2 and Azure AI Search. It highlights which ADLS Gen2 access control mechanisms are supported or mapped when integrating with AI Search, helping you understand how permissions are enforced at the document level.
296+
297+
| ADLS Gen2 Feature | Description | Supported | Notes |
298+
|-|-|-|-|
299+
| [RBAC](/azure/storage/blobs/data-lake-storage-access-control-model#role-based-access-control-azure-rbac) | Coarse-grained access at container level | Yes | AI Search honors RBAC for access to all documents in the entire container. |
300+
| [ABAC](/azure/storage/blobs/data-lake-storage-access-control-model#attribute-based-access-control-azure-abac) | Attribute-based conditions on top of RBAC | No | AI Search does not evaluate ABAC conditions for document-level access. |
301+
| [ACL](/azure/storage/blobs/data-lake-storage-access-control-model#access-control-lists-acls) | Fine-grained permissions at directory/file (document) level | Yes | AI Search uses document-level ACLs for [permission filters](./search-query-access-control-rbac-enforcement.md). |
302+
| [Security Groups](/azure/storage/blobs/data-lake-storage-access-control-model#security-groups) | Group-based permission assignments | Yes | Supported if security groups are mapped inside the document-level ACL. |

0 commit comments

Comments
 (0)