Is it possible to implement user based security on Azure Search?

Question

In Azure Search we can create multiple indexes for different search results, and we have two types of api-key. One is for administation and other one is for querying. But with same api-key users can search all indexes.

In my solution I need to design a system so that different users that use the system will get different results by their previleges. I thought this could be solved with dedicated indexes for each role but still users can query other indexes if they want to.

How can I be sure that every user can ONLY be able to search on particular a index.

Answer 1

Out of the box it is not possible to restrict the key usage for a specific index. You would need to do something on your own.

Other possibility would be to create different search service accounts and then creating indexes in them instead of having one account. You can then grant access to your users to appropriate search service account.

UPDATE

Based on your comments, you're actually looking to restrict search results (documents) by user's role i.e. going one level deeper than indexes. To achieve this, what you could do is dynamically append this role criteria to your search query as OData Filter. For example, let's say your index has boolean fields for each role type (Administrator, User etc. etc.) and the user searches for some keyword. Then what you could do is create an OData Filter $filter where you check for these conditions. So your search URL would look something like:

https://<search-service-name>.search.windows.net/indexes/<index-name>/docs?search=<search-string>&$filter=Administrator%20eq%20true

That way Search Service is doing all the filtering and you don't have to do anything in your code.

You can learn more about query options here: https://msdn.microsoft.com/en-us/library/azure/dn798927.aspx.