Share via

Enhance SharePoint indexer with document ACL

BogdanPi 35 Reputation points
2023-08-04T09:02:38.6+00:00

Context:

I am using the SharePoint indexer to ingest data into Azure Search. I need to enhance the indexing process to include the documents ACL (AD Groups) to enable security trimming.

The easiest way that comes to mind is to use a SkillSet that would include a custom skill (an Azure Function) that would return the AD Groups of a document based on its path.

Question:

How can I pass the file path to the skill input? Based on the docs, the input of the skills is the document itself. Is there a way to map other information to the "/document" context or a different context?

Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,339 questions
Microsoft 365 and Office SharePoint For business Windows
Accepted answer
  1. brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator
    2023-08-04T23:48:36.2266667+00:00

    @BogdanPi To pass the file path to a custom skill in a SkillSet, you can use the "inputs" property of the skill definition to map the file path to a custom field in the "/document" context.

    For example, you can define a custom field called "filePath" in the "/document" context and map it to the file path using the "source" property of the "inputs" object. Here's an example of how you can define the custom skill in the SkillSet JSON:

    {
  "@odata.type": "#Microsoft.Skills.Custom.WebApiSkill",
  "name": "GetDocumentACL",
  "description": "Returns the AD Groups of a document based on its path",
  "uri": "https://myfunctionapp.azurewebsites.net/api/GetDocumentACL",
  "httpMethod": "POST",
  "timeout": "PT30S",
  "batchSize": 1,
  "context": "/document",
  "inputs": [
    {
      "name": "filePath",
      "source": "/document/path"
    }
  ],
  "outputs": [
    {
      "name": "groups",
      "targetName": "acl"
    }
  ]
}

    In this example, the custom skill is defined as a WebApiSkill that calls an Azure Function at the specified URI. The "inputs" property maps the "filePath" field to the "/document/path" context, which should contain the file path of the document. The "outputs" property maps the output of the custom skill to a field called "acl" in the "/document" context.

    Once you have defined the custom skill in the SkillSet, you can use it in an indexer to extract the AD Groups of each document and store them in the index. You can then use the "search.in()" function in your search queries to filter the results based on the user's AD Groups.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.