Role based user access in Azure OpenAI Chat with your own data.

Anonymous
2024-04-04T21:33:41.48+00:00

I am trying Azure OpenAI chat with your own data. My raw files are in Azure Storage and loaded into cognitive services. Based on user level (admin, manager, employee, etc.), I want them to have different levels of access. For example, an admin has access to the employee data document, but the same query from an employee will show something like "No info available".

Is it possible to do it via Azure OpenAI API and/or playground? How do I restrict access to certain documents based on user role (considering I've only one cognitive search service/azure storage)?

Azure OpenAI Service

Accepted answer
  1. AshokPeddakotla-MSFT 35,971 Reputation points Moderator
    2024-04-05T02:29:35.0566667+00:00

    Sikder Tahsin Al Amin Greetings!

    Is it possible to do it via Azure OpenAI API and/or playground? How do I restrict access to certain documents based on user role (considering I've only one cognitive search service/azure storage)?

    You can implement Document-level access control on your data.

    Azure OpenAI On Your Data lets you restrict the documents that can be used in responses for different users with Azure AI Search security filters. When you enable document level access, the search results returned from Azure AI Search and used to generate a response will be trimmed based on user Microsoft Entra group membership. You can only enable document-level access on existing Azure AI Search indexes.

    Please note that Document-level access control is supported for Azure AI Search only.

    If you are trying to control access to the Azure OpenAI Service resource itself, you could leverage the built-in roles for Azure RBAC to control access.

    Please note that RBAC applies to Azure resources, not to the chat itself.

    However, you can use the chat to authenticate users and retrieve information from your blob container based on their RBAC roles.

    As per your scenario, you can try creating different roles in Azure RBAC that correspond to the different levels of access you want to grant to your employees. For example, you can create a role that grants read-only access to the blob container for employees, and a role that grants read-write access to the same blob container for managers, etc.

    Once you have created the roles, you can assign them to the appropriate users or groups in your organization.

    Please see Role-based access control for Azure OpenAI Service and Azure custom roles for more details.

    You can also check the sample web app; the app that gets deployed to an App Service can be protected with Azure AD. You need to modify the sample app as per your scenario.

    See Restrict your Microsoft Entra app to a set of users in a Microsoft Entra tenant for more details.

    I hope this helps. Let me know if you have any further queries.

    If the response helped, please do click Accept Answer and Yes for was this answer helpful.

    1 person found this answer helpful.
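
The document-level trimming described in the accepted answer, as an added example that is not part of the original thread or Microsoft's sample app. It assumes a filterable `group_ids` collection field on the index, group IDs taken server-side from the caller's validated Entra token, and a request shape for the data source entry; the GUIDs and document names are constructed.

```python
import uuid

# Assumption: each index document has a filterable Collection(Edm.String)
# field named "group_ids" listing the Entra group object IDs allowed to read it.
GROUP_FIELD = "group_ids"

def normalize_groups(user_group_ids):
    """Canonicalize group IDs; anything that is not a GUID raises ValueError."""
    # Assumption: the IDs come from the validated token, never from the client.
    groups = sorted({str(uuid.UUID(g)) for g in user_group_ids})
    if not groups:
        # Fail closed: a user with no groups must not run an unfiltered query.
        raise PermissionError("caller has no group memberships")
    return groups

def build_group_filter(user_group_ids):
    """OData filter matching only documents shared with one of the caller's groups."""
    joined = ", ".join(normalize_groups(user_group_ids))
    return f"{GROUP_FIELD}/any(g:search.in(g, '{joined}'))"

def data_source(endpoint, index_name, user_group_ids):
    """Azure AI Search data source entry for a chat request (shape is an assumption)."""
    return {"type": "azure_search",
            "parameters": {"endpoint": endpoint, "index_name": index_name,
                           "filter": build_group_filter(user_group_ids)}}

def trim_locally(docs, user_group_ids):
    """Local emulation of the trimming, to show which documents survive the filter."""
    allowed = set(normalize_groups(user_group_ids))
    return [d["id"] for d in docs if allowed & set(d[GROUP_FIELD])]

# Constructed sample data: two groups and two indexed documents.
ADMINS = "11111111-1111-1111-1111-111111111111"
EMPLOYEES = "22222222-2222-2222-2222-222222222222"
DOCS = [
    {"id": "employee-records.pdf", GROUP_FIELD: [ADMINS]},
    {"id": "holiday-policy.pdf", GROUP_FIELD: [ADMINS, EMPLOYEES]},
]

if __name__ == "__main__":
    print(build_group_filter([EMPLOYEES]))
    print(trim_locally(DOCS, [ADMINS]))     # admin sees both documents
    print(trim_locally(DOCS, [EMPLOYEES]))  # employee sees only the shared one
```

Because every group ID is parsed as a GUID and re-serialized before it reaches the filter string, a crafted value cannot widen the filter, and a caller with no groups is refused instead of being sent unfiltered.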
