Skip to content

Commit 113b37e

Browse files
authored
Merge pull request #180403 from dereklegenzoff/rbac-updates
Updating preview limitations for RBAC
2 parents e88c5df + 5f3f002 commit 113b37e

File tree

2 files changed

+13
-1
lines changed

2 files changed

+13
-1
lines changed

articles/search/search-howto-aad.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ ms.date: 10/04/2021
1313
# Authorize search requests using Azure AD (preview)
1414

1515
> [!IMPORTANT]
16-
> Role-based access control for data plane operations, such as creating an index or querying an index, is currently in public preview and available under [supplemental terms of use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). This functionality is only available in public cloud regions and may impact the latency of your operations while the functionality is in preview.
16+
> Role-based access control for data plane operations, such as creating an index or querying an index, is currently in public preview and available under [supplemental terms of use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). This functionality is only available in public cloud regions and may impact the latency of your operations while the functionality is in preview. For more information on preview limitations, see [RBAC preview limitations](./search-security-rbac.md?tabs=config-svc-rest%2croles-powershell%2ctest-rest#preview-limitations).
1717
1818
With Azure Active Directory (Azure AD), you can use role-based access control (RBAC) to grant access to your Azure Cognitive Search services. A key advantage of using Azure AD is that your credentials no longer need to be stored in your code. Azure AD authenticates the security principal (a user, group, or service principal) running the application. If authentication succeeds, Azure AD returns the access token to the application, and the application can then use the access token to authorize requests to Azure Cognitive Search. To learn more about the advantages of using Azure AD in your applications, see [Integrating with Azure Active Directory](../active-directory/develop/active-directory-how-to-integrate.md#benefits-of-integration).
1919

articles/search/search-security-rbac.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ ms.author: heidist
99
ms.service: cognitive-search
1010
ms.topic: conceptual
1111
ms.date: 10/04/2021
12+
ms.custom: references_regions
1213
---
1314

1415
# Use role-based authorization in Azure Cognitive Search
@@ -71,6 +72,17 @@ You can also sign up for the preview using Azure Feature Exposure Control (AFEC)
7172
> [!NOTE]
7273
> Once you add the preview to your subscription, all services in the subscription will be permanently enrolled in the preview. If you don't want RBAC on a given service, you can disable RBAC for data plane operations as shown in the next step.
7374
75+
### Preview limitations
76+
77+
Role-based access control for data plane operations, such as creating an index or querying an index, is currently in public preview and available under [supplemental terms of use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
78+
79+
There are also a few other limitations to be aware of:
80+
81+
* Using RBAC may increase the latency of some requests. Each unique combination of service resource (index, indexer, etc.) and service principal that's used in a request will require an authorization check to be done. These authorization checks can add up to 200 milliseconds of latency to a request.
82+
* In extreme cases where there are requests coming from a high number of different service principals and targeting different service resources (indexes, indexers, etc.), it's possible that there could be throttling caused by the authorization checks required. Throttling would only happen if hundreds of unique combinations of search service resource and service principal were used within a second.
83+
* The RBAC preview is currently only available in public cloud regions and isn't available in Azure Government, Azure Germany, or Azure China 21Vianet.
84+
* If a subscription is migrated to a new tenant, the RBAC preview will need to be re-enabled.
85+
7486
## Step 2: Preview configuration
7587

7688
**Applies to:** Search Index Data Contributor, Search Index Data Reader, Search Service Contributor

0 commit comments

Comments
 (0)