You have a requirement to limit search results in your Azure Cognitive Search based on the user groups.
That way only the users who are authorized to access the documents should be able to view them.
You applied the equality expressions to achieve the objective.
However, the expressions have become tedious to maintain and hence you want to apply a simpler and faster approach of security filtering to meet the requirements.
Review the steps below and choose three steps that you will choose to accomplish security filtering.
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answers: A, C and D.
Option A is correct because this field is used to specify which groups have access to the documents.
The field is made filterable and the search results are filtered based on the user access.
Option B is incorrect because customer managed keys are not relevant for this use case.
They are used in the context of blob storage where data encryption uses customer-provided keys for data encryption.
Option C is correct because you would need to add or update the group ids in the JSON documents using the POST method.
Option D is correct because to limit the access to the groups, you have to specify the filter.
Option E is incorrect because creating a service principal in the scenario is not relevant.
The requirement is met through a filter on the documents based on user groups.
Reference:
To learn more about Security in Cognitive Search, use the link given below:
Sure, I can provide you with a detailed explanation of the steps to accomplish security filtering in Azure Cognitive Search.
Create a field that contains the principal identifiers: This step involves creating a new field in your search index that contains the principal identifiers of the users who are authorized to access the documents. This field can be used as a filter to limit search results based on the user groups. You can add the principal identifiers to the field when you create or update the documents in the search index. This approach is useful if you have a small number of principal identifiers to manage, and if you don't need to update them frequently.
Update existing documents with principal identifiers: This step involves updating the existing documents in your search index with the principal identifiers of the users who are authorized to access them. This can be done by adding a new field to the documents or updating an existing field. You can use the Azure Search REST API or the Azure Search .NET SDK to update the documents in bulk. This approach is useful if you have a large number of documents to update, and if you need to update the principal identifiers frequently.
Issue a search request with search.in filter: This step involves issuing a search request with a search.in filter that limits the search results based on the user groups. The search.in filter allows you to filter the search results based on the values in the field that contains the principal identifiers. You can specify the values of the principal identifiers that are allowed to access the documents in the search.in filter. This approach is useful if you want to apply the security filtering at search time, and if you don't want to update the documents in the search index frequently.
Create customer managed keys & store them in key vault: This step involves creating and managing customer-managed keys for encrypting the search index data. While this is an important security measure, it is not directly related to accomplishing security filtering in Azure Cognitive Search.
Create a service principal in Azure Active Directory: This step involves creating a service principal in Azure Active Directory that can be used to access Azure Cognitive Search. While this is an important step in securing your search solution, it is not directly related to accomplishing security filtering in Azure Cognitive Search.
In summary, the three steps that you can choose to accomplish security filtering in Azure Cognitive Search are:
Which steps you choose depends on the specific requirements of your search solution.