You are developing an application that will use Azure Cognitive Search for internal documents.
You need to implement document-level filtering for Azure Cognitive Search.
Which three actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To implement document-level filtering for Azure Cognitive Search, you should follow three steps: First, retrieve the group memberships of the user to determine which groups the user belongs to. Second, add allowed groups to each index entry to specify which groups have access to which documents. Third, supply the groups as a filter for the search requests to ensure that search results are filtered based on the user's group memberships. This approach allows you to securely trim search results and ensure that users can only access documents they are authorized to view.
D: Add allowed groups to each index entry. Your documents must include a field specifying which groups have access. Reference: https://docs.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search#create-security-field C: You need to get the membership of the user F. Supply the groups as a filter for the search requests. "In order to trim documents based on group_ids access, you should issue a search query with a group_ids/any(g:search.in(g, 'group_id1, group_id2,...')) filter, where 'group_id1, group_id2,...' are the groups to which the search ##request issuer belongs##." Reference: https://docs.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search
Shouldn't the first step be getting all the groups? As when you create a security field, you'll need the the group ids. I'm not certain what the group membership of the user means.
I guess this is the user using the aplication, therefore we must get groups to which he belongs.
According to ChatGPT, the correct answers are ACF : To implement document-level filtering for Azure Cognitive Search, the following three actions should be included in the solution: A. Send Azure AD access tokens with the search request: This will allow Azure Cognitive Search to authenticate the user and retrieve their group memberships. C. Retrieve the group memberships of the user: This information is necessary to determine which documents the user is allowed to access. F. Supply the groups as a filter for the search requests: This will allow you to filter the search results based on the user's group memberships. Therefore, the correct answers are A, C, and F.
A, C, F https://learn.microsoft.com/en-us/azure/search/search-howto-aad?tabs=config-svc-portal%2Caad-dotnet A key benefit of using Azure AD is that your credentials and API keys no longer need to be stored in your code. Azure AD authenticates the security principal (a user, group, or service) running the application. If authentication succeeds, Azure AD returns the access token to the application, and the application can then use the access token to authorize requests to Azure Cognitive Search. https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search-with-aad This article demonstrates how to use Azure Active Directory (AD) security identities together with filters in Azure Cognitive Search to trim search results based on user group membership.
C, D and F are the correct answers
CDF is the answer. https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search Cognitive Search doesn't provide document-level permissions and can't vary search results from within the same index by user permissions. As a workaround, you can create a filter that trims search results based on a string containing a group or user identity. https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search#apply-the-security-filter-in-the-query In order to trim documents based on group_ids access, you should issue a search query with a group_ids/any(g:search.in(g, 'group_id1, group_id2,...')) filter, where 'group_id1, group_id2,...' are the groups to which the search request issuer belongs.
Right at the bottom of the page: For an alternative pattern based on Azure Active Directory, or to revisit other security features, see the following links. • Security filters for trimming results using Active Directory identities • Security in Azure Cognitive Search
The possible answers make no sense to me
A is wrong. Cognitive Search wouldn’t know how to handle the token handed to it. All you app does is to come up with the right filter and send it to the Cognitive Search service via a request. You also need to index the documents with the group info so later the Cognitive Service can do a proper filtering on them.
C D F are my choices
The answer is correct as well as the explanation/reference provided
The given answer CDF is CORRECT! C. Retrieve the group memberships of the user. To understand which documents the user is allowed to access. D. Add allowed groups to each index entry. To tag documents with the groups that can access them. F. Supply the groups as a filter for the search requests. To ensure that search results are filtered according to the user's group memberships.
We need to implement document-level filtering now. So retrieve the group memberships, add allowed groups, supply the groups as a filter. CDF are correct answer.
I say this answer is C, D and F.
group memberships Add allowed groups to each index entry. search requests
Selected Answer: CDF