azure-search-openai-demo
azure-search-openai-demo copied to clipboard
Azure-Samples
How to handle non-public data
Please provide us with the following information:
This issue is for a: (mark with an x)
- [ ] bug report -> please search issues before submitting
- [X ] feature request
- [X ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
As I understand the code all files in the data folder is assumed to be public, but in the video a file is uploaded that holds priviliged information. This is a key feature for corporate use of own data with ChatGPT. Please provide a sample that show how to specify a person/group that can see some priviliged information that can be uploaded in the sample.
Any log messages given by the failure
Expected/desired behavior
OS and Version?
Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) Win11
azd version?
run
azd versionand copy paste here. azd version 0.8.0-beta.2 (commit 429b6ccf9a9d1616efa8988f2f8561deeb464c71)
Versions
Mention any other details that might be useful
Otherwise a great sample, to use for showing corporate usage of ChatGPT
Thanks! We'll be in touch soon.
If you are using the Azure OpenAI resources in your tenant, I believe the data, and indexes and all other resources reside within your tenant on Azure (private to your access). The OpenAI resource is also private to you, but to make it truly private to your organization, you will have to request that Azure not retain any logs from your resource.
@Erik-Nordahl explained here https://www.youtube.com/live/ujugapNEz4o?feature=share&t=1175
Thanks. Good video. This answers another question I had, but maybe I didn't explain my question properly: I will have some documents that are not public within our company. Say, a management report, that I would like management to be able to have included when using the AI/ChatGPT, but all non-management should not be able to see/query this document. In the original MS video a document is uploaded about a company move, that is only known/visible to some users. How do I achieve this?
@Erik-Nordahl I would probably do this through the Application side of what you are building. Depending on what user is authenticated to your app, you can have this enterprise search repo connected to a different index in the Cognitive Search resource. If a user is just a regular employee who doesn't have access to management documents, their searchbot would access a 'employee' index you've created. If a user is management employee, then maybe they have access to both the 'employee' and 'management' indexes. It's really up to your implementation.
I've taken this code as a starting point and modified it to use indexes built on csv files and SQL Db's as well, so i have between 4-6 indexes that my app switches between depending on the context of what the user wants to know about.
Hm...the "Management Report" in this context is uploaded to Azure Cognitive Search as a separate index...interesting. Then depending on who is logged in, the app directs the query to the appropriate index. That's a nice approach.
Another crux though, is that after the Management Report query is executed, the search results are sent to OpenAI, (via your Azure OpenAI instance) and combined with the original user prompt, correct?
So the employees who don't have permission to see the Management Report are shielded from seeing, but OpenAI "sees" the data.
We should look at this https://github.com/Azure-Samples/azure-search-openai-demo/issues/228
Looks like this is the supported answer to the question, right?
https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search-with-aad
@TimoRiikonenIF Yes, another Microsoft employee suggested it in this very related thread: https://github.com/Azure-Samples/azure-search-openai-demo/issues/274
Looks like this is the supported answer to the question, right?
https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search-with-aad
So, how can I implement this here?
Yes, I would like to ask the same question. I didn't find the way to implement this either.
Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: Salvador Fuentes Azócar @.> Sent: Friday, August 4, 2023 8:18:56 PM To: Azure-Samples/azure-search-openai-demo @.> Cc: Timo Riikonen @.>; Mention @.> Subject: Re: [Azure-Samples/azure-search-openai-demo] How to handle non-public data (Issue #214)
Looks like this is the supported answer to the question, right?
https://learn.microsoft.com/en-us/azure/search/search-security-trimming-for-azure-search-with-aad
So, how can I implement this here?
— Reply to this email directly, view it on GitHubhttps://github.com/Azure-Samples/azure-search-openai-demo/issues/214#issuecomment-1665943912, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BARCGRDF2YSG4LFFAGPLS7TXTUVIBANCNFSM6AAAAAAYFAKSEE. You are receiving this because you were mentioned.Message ID: @.***>
cc @mattmsft who is merging a PR to enable document-level access control.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This request is now covered by our access control feature: https://github.com/Azure-Samples/azure-search-openai-demo/blob/main/docs/login_and_acl.md