We are excited to announce that role-based access control (RBAC) and Azure Active Directory (Azure AD) authentication for data plane operations are now generally available in Azure Cognitive Search. These features allow developers to secure their search indexes and queries with RBAC, controlling access to data plane operations such as creating, loading, and querying indexes. This eliminates the need for key-based authentication, making the process more secure.
Importance of securing Cognitive Search indexes and queries with Azure RBAC
Azure role-based access control (RBAC) offers a secure approach to managing access to indexes and queries. Developers can define which actions a user can perform on them, limiting access to only those who need it and reducing the risk of unauthorized access. In contrast, with key-based authentication, developers must provide either full admin access to the entire service or query-only access to an index, with no way to prevent the key from being misused or abused.
With Azure AD, credentials don’t need to be stored in code, and integration with other Azure security features such as managed identities is improved. For more information on the benefits of incorporating Azure AD into applications, refer to the article "Integrating with Azure Active Directory".
Provide access to a single index or other Cognitive Search resource (e.g., an indexer, skillset, or data source) rather than giving access to the entire search service. This is especially useful in multi-tenant scenarios.
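One way to check that data access really is scoped to single indexes, as an added example that is not part of the original announcement: the Python below takes role assignments in the shape of `az role assignment list` JSON output and flags search data roles granted at the service or a parent scope. The role names are Azure's built-in search data roles (not listed on this page), and the subscription, resource group, service, index, and principal names are constructed placeholders.

```python
import re

# Built-in data-plane role names in Azure (assumed; not listed on this page).
DATA_ROLES = {"Search Index Data Reader", "Search Index Data Contributor"}

# ARM ID of a search service, optionally narrowed to one index.
SEARCH_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Search"
    r"/searchServices/(?P<service>[^/]+)(?:/indexes/(?P<index>[^/]+))?$",
    re.IGNORECASE)
# Scopes a search service inherits from: subscription, resource group, management group.
PARENT_SCOPE = re.compile(
    r"^(?:/subscriptions/[^/]+(?:/resourceGroups/[^/]+)?"
    r"|/providers/Microsoft\.Management/managementGroups/[^/]+)$",
    re.IGNORECASE)


def classify_scope(scope):
    """Return 'index', 'service', 'parent' or 'other' for an assignment scope."""
    scope = scope.rstrip("/")
    m = SEARCH_SCOPE.match(scope)
    if m:
        return "index" if m.group("index") else "service"
    return "parent" if PARENT_SCOPE.match(scope) else "other"


def overbroad_assignments(assignments):
    """List data-role assignments that reach every index, not a single one."""
    findings = []
    for a in assignments:
        level = classify_scope(a["scope"])
        if a["roleDefinitionName"] in DATA_ROLES and level in ("service", "parent"):
            findings.append((a["principalName"], a["roleDefinitionName"], level))
    return findings


# Constructed sample data; every name and ID below is a placeholder.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-search"
SVC = RG + "/providers/Microsoft.Search/searchServices/contoso-search"
SAMPLE = [
    {"principalName": "tenant-a-app", "roleDefinitionName": "Search Index Data Reader",
     "scope": SVC + "/indexes/tenant-a"},
    {"principalName": "tenant-b-app", "roleDefinitionName": "Search Index Data Reader",
     "scope": SVC},
    {"principalName": "etl-job", "roleDefinitionName": "Search Index Data Contributor",
     "scope": RG},
    {"principalName": "ops", "roleDefinitionName": "Reader", "scope": SVC},
]

if __name__ == "__main__":
    for finding in overbroad_assignments(SAMPLE):
        print(finding)
```

In a multi-tenant service, each finding is a principal that can read or write other tenants' indexes and should be re-scoped to its own index.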
Use built-in roles or define custom roles
You can use built-in roles or define custom roles to support common data plane scenarios. There are three built-in roles: