[AI Search] Minimum RBAC role for AI search when selecting it as data source in AI studio playground

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

When choosing AI Search as your data source for your AI Studio Playground, ensuring maximum security is crucial. In this article, you will learn how to configure minimum RBAC of AI Search, when using it as a data source for AI Studio Playground.


Please be aware that in this scenario, the minimum requirement is only to read and write access to content in indexes. Therefore, you will be unable to manage the AI Search services.


I. What is RBAC and what roles are there?

Before jumping into the article, if you are not familiar with Azure AI Studio Playground, please check this article first.


RBAC is short for role-based access control. It is an authorization system where you can use to manage access to Azure AI Search and other Azure resources as well. If you are new to this concept, take a look at this document.


There are six roles that can be chosen depending on your needs. Each role has a plane, which is divided into control and data plane. Control would be managing the AI Search service and data would be getting access or writing the Index. For more detailed explanation of the terminology, please check this link to understand what these two plane operations stand for.




II. What role should I assign and how?


Step 1. For minimum access, assign Search Index Contributor role.

In this role, as you will be able to import, refresh, or query the documents collection of an index. However, you are unable to create or manage the index.


Step 2. Go to your AI Search from Azure Portal and click on Access control (IAM) on your left panel.




Step 3. Click on Grant access to this resource, which then you will move to ‘Add role assignment’ page.

From here search, Search Index Contributor

Click on the role and press Next at the bottom of the screen.



Step 4. Select the member whom you would like to grant access to.




Step 5. Go to AI Studio Playground and move to chat to add the data. From there press add your data source.

Choose AI Search as your data source. The RBAC does take a few minutes to be applied.

If you are seeing your AI Search Resource and the Index, then you are all set!  




III. What is the limitation?

As previously stated, it’s important to note that the minimal requirement in this context is solely read and write access to index content. Should your needs extend beyond these permissions, it is imperative to review and select the appropriate role. Be advised that with this minimal role, managing AI Search services will not be possible.


IV. Conclusion

Hope this article has helped you configure the minimum RBAC role for your AI Search, when selecting it as your data source in Azure AI Studio Playground. It is crucial to choose a role that aligns with your specific requirements. Always prioritize your security and ensure proper access management via the RBAC (Role-Based Access Control) role. If you have questions or need help, create a support request, or ask Azure community support.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.