
Architecture:

I have my data as files in SharePoint. I want to use Azure AI Search to query the data but also apply security filters for document-level restriction.

I created a new application which has access to that SharePoint.

The user ID gets passed to the Python code from the front end, where I can get the list of groups the user has access to. So I can use these group IDs to restrict the access he has in search with security filters.

As the indexer doesn't pull these permissions into the index (Link), I need to add a new field, GroupsID. This field needs to be populated with the file groups for each file that is indexed. How can I add them to the index, so I can restrict user access to the files one has?

I tried crawling through the SharePoint files to generate a dict of file IDs and their associated GroupsIDs. But my key is "metadata_spo_site_library_item_id", and it's not matching the site ID, library ID, and item ID combination when I generate it manually. Even so, is it possible to update with this dict?

2 Answers


  1. Chosen as BEST ANSWER

    I have figured out the solution. You can use "@search.action": "mergeOrUpload" with your key field to update the indexed indexer.

    Reference here


  2. What you are attempting to do is, as of this writing, not supported with Azure AI Search out of the box. From Index data from SharePoint document libraries § Limitations and considerations (emphasis mine):

    • SharePoint supports a granular authorization model that determines per-user access at the document level. The indexer doesn’t pull these permissions into the index, and Azure AI Search doesn’t support document-level authorization. When a document is indexed from SharePoint into a search service, the content is available to anyone who has read access to the index. If you require document-level permissions, you should consider security filters to trim results and automate copying the permissions at a file level to a field in the index.
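
Added example, not part of either answer: a Python sketch of the two pieces the answers describe, the `mergeOrUpload` batch that writes `GroupsID` onto already-indexed documents and the security filter applied at query time. The key field name `id`, the helper names, and the assumption that group IDs are GUIDs and that key values are read back from the index are all hypothetical.

```python
import re
from itertools import islice

KEY_FIELD = "id"           # assumption: name of the index key field
GROUPS_FIELD = "GroupsID"  # field from the question; Collection(Edm.String), filterable
MAX_BATCH = 1000           # service limit: at most 1000 actions per indexing request
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")  # assumption: GUID group IDs


def checked(group_ids):
    """Return sorted, lower-cased, de-duplicated IDs; reject anything that is not a GUID."""
    bad = [g for g in group_ids if not GUID.fullmatch(g)]
    if bad:
        raise ValueError(f"not a group GUID: {bad!r}")
    return sorted({g.lower() for g in group_ids})


def build_batches(file_groups):
    """{index key value: [group IDs]} -> request bodies for POST .../docs/index."""
    items = iter(sorted(file_groups.items()))
    batches = []
    while chunk := list(islice(items, MAX_BATCH)):
        batches.append({"value": [
            {"@search.action": "mergeOrUpload", KEY_FIELD: key, GROUPS_FIELD: checked(groups)}
            for key, groups in chunk
        ]})
    return batches


def security_filter(user_group_ids):
    """OData $filter keeping only documents that share a group with the user."""
    groups = checked(user_group_ids)
    if not groups:
        # Fail closed: a user with no groups must never get an unfiltered query.
        raise PermissionError("user has no groups; do not query the index")
    return f"{GROUPS_FIELD}/any(g: search.in(g, '{','.join(groups)}'))"


if __name__ == "__main__":
    # Constructed sample: key values as read back from the index, GUIDs made up.
    acl = {"a2V5MQ": ["11111111-2222-3333-4444-555555555555"], "a2V5Mg": []}
    print(build_batches(acl))
    print(security_filter(["11111111-2222-3333-4444-555555555555"]))
```

`mergeOrUpload` creates a new document when the key is not already in the index, so a mismatched key yields a stub document rather than an error. A document written with an empty `GroupsID` matches no `any()` filter and stays hidden from every user.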