articles/search/search-security-overview.md
9 additions & 15 deletions
@@ -8,7 +8,7 @@ author: HeidiSteen
8
8
ms.author: heidist
9
9
ms.service: cognitive-search
10
10
ms.topic: conceptual
11
-
ms.date: 11/04/2019
11
+
ms.date: 03/25/2020
12
12
---
13
13
14
14
# Security and data privacy in Azure Cognitive Search
@@ -52,7 +52,7 @@ All Azure services support role-based access controls (RBAC) for setting levels
52
52
53
53
<aname="service-access-and-authentication"></a>
54
54
55
-
## Service access and authentication
55
+
## Endpoint access
56
56
57
57
### Public access
58
58
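Review bot: the retained anchor `<a name="service-access-and-authentication"></a>` on line 53 now sits above a heading that reads "Endpoint access", so the fragment name no longer matches the section it marks. Keeping it preserves existing inbound links, which is reasonable, but consider adding a second anchor that matches the new heading. Also note that the api-key paragraph on line 70 ("Authentication is required on each request...") stays under this renamed heading, while a separate "## Authentication" section is introduced later in the file; a reader looking for how requests are authenticated may look there first and not find the key material.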
@@ -69,19 +69,11 @@ There are two levels of access to your search service, enabled by two types of k
69
69
70
70
Authentication is required on each request, where each request is composed of a mandatory key, an operation, and an object. When chained together, the two permission levels (full or read-only) plus the context (for example, a query operation on an index) are sufficient for providing full-spectrum security on service operations. For more information about keys, see [Create and manage api-keys](search-security-api-keys.md).
71
71
72
-
> [!Important]
73
-
> **Private Endpoint** and **virtual network** support features for Azure Cognitive Search are available [upon request](https://aka.ms/SearchPrivateLinkRequestAccess) as a limited-access preview. Preview features are provided without a service level agreement, and are not recommended for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
74
-
>
75
-
> Once you are granted access to the preview, you'll be able to configure Private Endpoints for your service and create a virtual network using the Azure portal or the [Management REST API version 2019-10-06-Preview](https://docs.microsoft.com/rest/api/searchmanagement/).
72
+
### Restricted access
76
73
77
-
The **IpRule** feature is in preview as well and can only be applied when using the [Management REST API version: 2019-10-01-Preview](https://docs.microsoft.com/rest/api/searchmanagement/index-2019-10-01-preview).
78
-
>
74
+
When you have a public service and you want to restrict the use of the service you can use the IP restriction rule in the Management REST API version: 2020-03-13, [IpRule](https://docs.microsoft.com/rest/api/searchmanagement/2020-03-13/createorupdate-service#iprule-). IpRule allows you to restrict access to your service by identifying IP addresses, individually or in a range, that you want to grant access to your search service.
79
75
80
-
### Restricted access (preview)
81
-
82
-
When you have a public service and you want to restrict the use of the service you can use the IP restriction rule in the Management REST API version: 2019-10-01-Preview, [IpRule](https://docs.microsoft.com/rest/api/searchmanagement/2019-10-01-preview/createorupdate-service#iprule-). IpRule allows you to restrict access to your service by identifying IP addresses, individually or in a range, that you want to grant access to your search service.
83
-
84
-
### Private access (preview)
76
+
### Private access
85
77
86
78
[Private Endpoints](https://docs.microsoft.com/azure/private-link/private-endpoint-overview) for Azure Cognitive Search allow a client on a virtual network to securely access data in a search index over a [Private Link](https://docs.microsoft.com/azure/private-link/private-link-overview). The private endpoint uses an IP address from the virtual network address space for your search service. Network traffic between the client and the search service traverses over the virtual network and a private link on the Microsoft backbone network, eliminating exposure from the public internet.
87
79
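Review bot: with the `[!Important]` preview note removed and "(preview)" dropped from "### Private access", the visible text no longer tells the reader how Private Endpoints are configured or which Management REST API version supports them. The removed note named the Azure portal and a specific preview version, whereas the new "### Restricted access" paragraph names version 2020-03-13 for IpRule only. Suggest adding one sentence under "### Private access" that states the supported version or links to the configuration steps. In the new line 74, add a comma after "restrict the use of the service", and consider stating that IP rules apply in addition to the mandatory key described on line 70 rather than replacing it, since the paragraph as written could be read either way.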
@@ -97,11 +89,13 @@ Administrator and developer access to indexes is undifferentiated: both need wri
97
89
98
90
For multitenancy solutions requiring security boundaries at the index level, such solutions typically include a middle tier, which customers use to handle index isolation. For more information about the multitenant use case, see [Design patterns for multitenant SaaS applications and Azure Cognitive Search](search-modeling-multitenant-saas-applications.md).
99
91
100
-
## Admin access
92
+
## Authentication
93
+
94
+
### Admin access
101
95
102
96
[Role-based access (RBAC)](https://docs.microsoft.com/azure/role-based-access-control/overview) determines whether you have access to controls over the service and its content. If you are an Owner or Contributor on an Azure Cognitive Search service, you can use the portal or the PowerShell **Az.Search** module to create, update, or delete objects on the service. You can also use the [Azure Cognitive Search Management REST API](https://docs.microsoft.com/rest/api/searchmanagement/search-howto-management-rest-api).
103
97
104
-
## User access
98
+
###User access
105
99
106
100
By default, user access to an index is determined by the access key on the query request. Most developers create and assign [*query keys*](search-security-api-keys.md) for client-side search requests. A query key grants read access to all content within the index.
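Review bot: the new heading on line 98, `###User access`, is missing the space after the `###` marker, so CommonMark-style renderers will treat it as a paragraph rather than a heading and it will not appear in the page outline; change it to `### User access` to match `### Admin access` on line 94. Separately, the new parent heading "## Authentication" groups an RBAC paragraph (which describes who may create, update, or delete objects) with query-key access; if the intent is to cover both identity and permissions, a title that says so would describe the content more accurately.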