How to enable row level security in Azure AI's semantic search?

Sanket Ghorpade 0 Reputation points
2024-02-01T09:04:59.0866667+00:00

How can we achieve similar "row level security" like traditional table-based data access in Azure AI when fetching authorized data specific to a logged-in or authenticated user? I have looked into prompt flow and RBAC in AI Search but have not found many details on this.

    brtrach-MSFT 17,736 Reputation points Microsoft Employee Moderator
    2024-02-02T00:24:27.0833333+00:00

    @Sanket Ghorpade To enable row-level security in Azure AI's semantic search, you can use Search's integrated security features. Search supports Microsoft's Entra ID authentication and role-based access control (RBAC) for data plane operations.

    With Entra ID authentication, you can authenticate users and applications with Entra ID, and then use Entra ID to authorize access to your search service. This allows you to control access to your search service and its resources based on the user's identity and role. With RBAC, you can assign roles to users and groups in Entra ID to control access to search content and operations. You can use built-in roles or create custom roles to grant permissions to users and groups.

    To implement row-level security, you can use filters to restrict search results based on the user's identity and role. For example, you can add a filter to a search query that limits the results to documents that match the user's department or location. Here is an example of how to use filters to implement row-level security in Search:

    1. Define a filter expression that restricts search results based on the user's identity and role. For example, you can use the following filter expression to limit search results to documents that match the user's department:

       search=*&$filter=Department eq '{user.department}'

       Replace {user.department} with the user's department, which you can retrieve from Azure AD.

    2. Add the filter expression to your search query. For example, you can use the following search query to retrieve documents that match the user's department:

       GET https://[service name].search.windows.net/indexes/[index name]/docs?search=*&$filter=Department eq 'Sales'

    Note that this is just an example, and you will need to customize the filter expression to match your specific requirements.

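The answer above leaves one detail to the application: the value spliced into `$filter` is derived from the caller's identity, so it has to be quoted as an OData string literal rather than pasted into the query string, otherwise a value containing a single quote can close the literal and widen the filter. The Python below is an added example, not code from the answer or from Microsoft. It builds the `Department eq '...'` filter from the answer with correct OData quoting, goes beyond the answer with the per-group form (`search.in` over a collection field, assumed here to be named `group_ids`, that holds the Entra group ids allowed to read each document), and shows how the resulting filter is passed to the `azure-search-documents` SDK, which is assumed to be installed only where that function is called.

```python
"""Security-trimming filters for Azure AI Search (added example, not from the
answer above). Field name `Department` comes from the answer; `group_ids` is
an assumption for the per-group pattern."""
from typing import Iterable


def odata_string_literal(value: str) -> str:
    """Quote a caller-derived value as an OData string literal.

    OData represents a literal single quote by doubling it, so after this the
    value can no longer terminate the quoted string and append clauses of its
    own (for example a department string containing "' or Department ne '").
    """
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control characters are not allowed in filter values")
    return "'" + value.replace("'", "''") + "'"


def department_filter(department: str) -> str:
    """The answer's pattern, $filter=Department eq '<dept>', quoted safely."""
    return f"Department eq {odata_string_literal(department)}"


def group_filter(group_ids: Iterable[str], field: str = "group_ids") -> str:
    """Filter for a Collection(Edm.String) field that lists the group ids
    permitted to read a document. search.in(field, 'a,b,c', ',') is the form
    Azure AI Search documents for long id lists. Fails closed: a caller with
    no groups gets an error here instead of an unfiltered query."""
    ids = [str(g) for g in group_ids]
    if not ids:
        raise ValueError("caller belongs to no groups; refuse to query")
    for g in ids:
        # The separator and the quote must not occur inside an id; Entra
        # object ids are GUIDs, so this only rejects malformed input.
        if "," in g or "'" in g or any(ord(ch) < 0x20 for ch in g):
            raise ValueError(f"group id contains a separator or quote: {g!r}")
    return f"search.in({field}, {odata_string_literal(','.join(ids))}, ',')"


def trimmed_search(endpoint: str, index: str, credential, query: str,
                   user_filter: str):
    """Run the query with the filter applied server side, so untrimmed rows
    never leave the service. Needs the azure-search-documents package (an
    assumption); imported lazily so the rest of this module runs without it."""
    from azure.search.documents import SearchClient  # assumed installed
    client = SearchClient(endpoint=endpoint, index_name=index,
                          credential=credential)
    return list(client.search(search_text=query, filter=user_filter))


if __name__ == "__main__":
    # Constructed values; a real application takes the department or group
    # ids from the validated Entra token claims, never from the request body.
    print(department_filter("Sales"))
    print(department_filter("Sales' or Department ne '"))  # quote neutralised
    print(group_filter(["11111111-1111-1111-1111-111111111111",
                        "22222222-2222-2222-2222-222222222222"]))
```

Whichever field you filter on, the filter value must come from the authenticated identity (token claims or a directory lookup keyed by the object id), and the filter must be applied in the query sent to the service rather than by trimming results after they return, since post-hoc trimming still exposes counts, facets and scoring of rows the caller may not see.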
