articles/search/service-configure-firewall.md
Lines changed: 7 additions & 3 deletions
@@ -130,12 +130,12 @@ Workflows for this network exception are requests originating *from* Azure AI St
130
130
131
131
### Trusted resources must have a managed identity
132
132
133
-
For managed identities on Azure OpenAI and Azure Machine Learning:
133
+
To set up managed identities for Azure OpenAI and Azure Machine Learning:
134
134
135
135
+[How to configure Azure OpenAI Service with managed identities](/azure/ai-services/openai/how-to/managed-identity)
136
136
+[How to set up authentication between Azure Machine Learning and other services](/azure/machine-learning/how-to-identity-based-service-authentication).
137
137
138
-
For managed identities on Azure AI services:
138
+
To set up a managed identity for an Azure AI service:
139
139
140
140
1.[Find your multiservice account](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.cognitiveServices%2Faccounts).
141
141
1. On the leftmost pane, under **Resource management**, select **Identity**.
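
Review bot: The reworded lead-in at new line 138 says "an Azure AI service", but step 1 directly below it still tells the reader to find "your multiservice account", so the introduction and the procedure now name the resource differently. Suggest naming the multiservice account in the lead-in, or adjusting step 1 to match. The two lead-ins are also no longer parallel: line 133 uses the plural "managed identities" and line 138 the singular "a managed identity"; pick one form for both.
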
@@ -145,7 +145,11 @@ For managed identities on Azure AI services:
145
145
146
146
Once your Azure resource has a managed identity, [assign roles on Azure AI Search](keyless-connections.md) to grant permissions to data and operations.
147
147
148
-
The application layer of a RAG solution typically needs query-only permissions (Search Index Data Reader) on Azure AI Search. But the trusted services are used for vectorization workloads: generating vectors from text and image content, and sending payloads back to the search service for query execution or indexing. If you need to load a search index with vectors generated by an embedding model, assign the Search Index Data Contributor role to your trusted resource.
148
+
The trusted services are used for vectorization workloads: generating vectors from text and image content, and sending payloads back to the search service for query execution or indexing. Connections from a trusted service are used to deliver payloads to Azure AI search.
149
+
150
+
+ To load a search index with vectors generated by an embedding model, assign **Search Index Data Contributor**.
151
+
152
+
+ To provide queries with a vector generated by an embedding model, assign **Search Index Data Reader**. The embedding used in a query isn't written to an index, so no write permissions are rquired.
149
153
150
154
> [!NOTE]
151
155
> This article covers the trusted exception for admitting requests to your search service, but Azure AI Search is itself on the trusted services list of other Azure resources. Specifically, you can use the trusted service exception for [connections from Azure AI Search to Azure Storage](search-indexer-howto-access-trusted-service-exception.md).
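
Review bot: The added Search Index Data Reader paragraph (new line 152) misspells "required" as "rquired", and the added sentence at new line 148 writes "Azure AI search" where the product name elsewhere in this hunk is "Azure AI Search". That same sentence, "Connections from a trusted service are used to deliver payloads to Azure AI search.", repeats what the preceding sentence already says about sending payloads back to the search service and could be dropped. The removed paragraph also told readers that the application layer of a RAG solution typically needs only Search Index Data Reader; if that least-privilege guidance still holds, consider keeping it in this section, since the new text only covers the roles for the trusted resource.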