Document-level security is not working as expected #1148

Open
oliver-chao opened this issue Oct 25, 2024 · 3 comments

@oliver-chao

I attempted to implement document-level security in the chatbot by creating a group_ids field in my Azure AI Search index and adding it to the environment variables in App Service. However, I'm still receiving results that should be restricted based on my login group information. I’ve verified in the logs that the group data is correctly obtained and passed to the search filter, yet it still isn’t functioning as expected. Has anyone else encountered this issue, or is there a step I might have missed?

@oliver-chao

I didn't see the filter in the request body. The filter is dumped into the model's parameters. Shouldn't we set filter: Optional[str] = Field(default=None, exclude=False) instead of (exclude=True)?

@borgerta

@oliver-chao I was running into the same issue. I was able to fix the issue by modifying the filter definition as you suggested:

filter: Optional[str] = None

Documents now appear to be appropriately restricted.

@2gad

2gad commented Jan 14, 2025

Hi @oliver-chao, @borgerta - wondering if you could help?

Once I get the group_ids in the model_args I am not getting back the expected result but instead the following error:

There was an error generating a response. Chat history can't be saved at this time. Error code: 400 - {'error': {'requestid': '****************************', 'code': 400, 'message': 'An error occurred when calling Azure Cognitive Search: Azure Search Error: 400, message='Server responded with status 400. Error message: {"error":{"code":"","message":"Invalid expression: Could not find a property named \'True\' on type \'search.document\'.\\r\\nParameter name: $filter"}}', url='https://xxxxxx.search.windows.net/indexes/index/docs/search?api-version=2024-03-01-preview'\nPotential issue with Azure search filter. Please ensure all field names in the filter are correct and syntax is correct for filter.'}}

Here is how my index is defined:

{
  "name": "index",
  "fields": [
    .. OTHER FIELDS ..
    {
      "name": "group_ids",
      "type": "Collection(Edm.String)",
      "key": false,
      "retrievable": true,
      "stored": true,
      "searchable": false,
      "filterable": true,
      "sortable": false,
      "facetable": false,
      "synonymMaps": []
    }
  .. Rest of definition ..
}

Any ideas on what I could be doing wrong?
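
Added example, not part of the thread or the project's code: a fail-closed way to build the `group_ids` filter as a well-formed OData expression and to confirm it is actually present in the serialized request body before the search is sent, covering both failure modes discussed above. The function names, the GUID check on group IDs, and the `data_sources`/`parameters` body shape are assumptions for illustration.

```python
import re

# Assumption: group IDs are Entra ID object IDs (GUIDs). Rejecting anything
# else keeps a crafted value from escaping the quoted OData string literal.
_GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_group_filter(group_ids, field="group_ids"):
    """Return an OData $filter matching documents shared with any listed group."""
    # A scalar (bool, bare string) here would produce a malformed or wrong filter.
    if isinstance(group_ids, (str, bytes, bool)) or not hasattr(group_ids, "__iter__"):
        raise TypeError("group_ids must be a list of strings, not a scalar")
    ids = []
    for g in group_ids:
        if not isinstance(g, str) or not _GUID.match(g):
            raise ValueError(f"not a group object ID: {g!r}")
        ids.append(g)
    ids = list(dict.fromkeys(ids))  # de-duplicate, keep order
    if not ids:
        # Fail closed: never fall back to an unfiltered search.
        raise PermissionError("user has no groups; refusing to search unfiltered")
    joined = ", ".join(ids)
    return f"{field}/any(g:search.in(g, '{joined}'))"


def assert_filter_in_body(body, expected_filter):
    """Verify every data source in the serialized body carries the filter."""
    sources = body.get("data_sources") or []
    if not sources:
        raise PermissionError("no data source in request body")
    for src in sources:
        if src.get("parameters", {}).get("filter") != expected_filter:
            raise PermissionError("security filter missing from request body")
    return True


# Constructed sample values, not taken from the issue.
SAMPLE_GROUPS = ["11111111-2222-3333-4444-555555555555",
                 "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]
SAMPLE_FILTER = build_group_filter(SAMPLE_GROUPS)
SAMPLE_BODY = {"data_sources": [{"type": "azure_search",
                                 "parameters": {"index_name": "index",
                                                "filter": SAMPLE_FILTER}}]}
```

Run `assert_filter_in_body` on the body exactly as it will be serialized, so a field dropped during serialization blocks the request instead of returning unrestricted results.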
