You granted Reader access to a group of users to allow them to perform search service operations, such as index management and querying search data.
However, users provided feedback that they are unable to perform the intended functions.
Which action will you perform to address the concern? (Select one option)
A. B. C. D.
Correct Answer: A.
Option A is correct because the API key is the sole mechanism for authenticating inbound requests to your search service endpoint and is required on every request.
Option B is incorrect because Contributor Role provides access to create or delete the service.
However, it does not grant access rights to the service endpoint.
Search service operations are controlled through API keys.
Option C is incorrect because the service principal can gain access to portal resources through RBAC.
Search service operations are controlled through API keys.
Option D is incorrect because the Owner Role provides access to create or delete the service.
However, it does not grant access rights to the service endpoint.
Search service operations are controlled through API keys.
The situation described in the question suggests that although the group of users was granted Reader access to a service, they are still unable to perform the intended functions related to index management and querying search data. Therefore, there is a need to identify an appropriate course of action to address this concern.
Option A suggests using API keys to grant access for content operations on the service. API keys are used to authenticate and authorize access to REST APIs or other web services. While API keys are useful for granting access to external applications or services, they are not a suitable option for granting access to a group of users, as they require additional programming and management overhead. Therefore, Option A is not the correct choice for addressing the concern.
Option B proposes granting Contributor Role to the group of users through the IAM page of resource group in Azure Portal. The Contributor Role provides users with full access to manage resources within a resource group, including the ability to create, modify, and delete resources. While granting Contributor Role can provide the necessary permissions to perform content operations, it also grants excessive privileges to manage resources within the resource group, which can be a security risk. Therefore, Option B is not the optimal solution for addressing the concern.
Option C suggests using a Service Principal to grant access for content operations on the service. A Service Principal is an identity created in Azure Active Directory that can be used to authenticate applications and services to access Azure resources. Service Principal can be granted access to resources with specific roles or permissions, making it a suitable option for granting access to content operations without exposing the user credentials or granting unnecessary privileges. Therefore, Option C is a viable choice for addressing the concern.
Option D proposes granting Owner Role to the group of users through the IAM page of the resource group in Azure Portal. The Owner Role provides users with full access to manage resources, including the ability to modify access policies, change ownership, and delete resources. As with the Contributor Role, granting the Owner Role can create a security risk by granting excessive privileges to the users. Therefore, Option D is not the optimal choice for addressing the concern.
In conclusion, the most appropriate option to address the concern of users not being able to perform intended functions related to index management and querying search data, while ensuring that security risks are minimized, is to use a Service Principal to grant access for content operations on the service.