Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
Authentication/RBAC
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 21%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Craig Colley
0
Reputation points
"Facing errors adding index in AI Studio (oandm-rag) with Azure AI Search (oandmsearch) and Blob Storage (oandmstorage). Error: 'Azure AI Search resource has disabled RBAC authentication' and missing roles (Search Index Data Reader, Storage Blob Data Contributor) for MI (Object ID: b3e39ac8-71ee-4865-9dc1-6053b235b978). Tried enabling RBAC and roles, but no Identity tab on Search."Additionally, the 'Add your data' or indexing option remains grayed out in Azure AI Studio (oandm-rag) Playground Chat, possibly due to the same RBAC/Authentication misconfiguration."
Azure AI Search
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 7.000000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Praneeth Maddali 1,110 Reputation points Microsoft External Staff Moderator2025-10-23T10:52:15.4866667+00:00 Hi @Craig Colley
Thanks for reaching us regarding the error Azure AI Search resource has disabled RBAC authentication we started checking on it we will share our suggestions ASP
-
Praneeth Maddali 1,110 Reputation points Microsoft External Staff Moderator
2025-10-23T11:59:36.69+00:00 Hi @Craig Colley
Thanks for reaching out regarding the RBAC and indexing issues in Azure AI Studio. The errors indicate that RBAC authentication is disabled on your Azure AI Search resource and that the required managed identities and role assignments are not yet fully configured.
Here’s how you can resolve this and re-enable the “Add your data” option:
Step 1: Enable Managed Identities
- For your Azure OpenAI resource and Azure AI Search (oandmsearch), navigate to Identity > System assigned, set Status to On, and click Save.
- If you don't see the Identity tab, make sure you have Owner or Contributor permissions and that oandmsearch is using the Basic SKU or higher, as the Free tier does not support managed identities.
- Set up managed identities as needed.
Step 2: Enabling RBAC for Azure AI Search
- Navigate to oandmsearch > Settings > Keys, then select Role-based access control (or Both) and click Save.
- Ensure that RBAC is enabled.
Step 3: Assign the necessary roles
- For the OpenAI MI (Object ID: b3e39ac8-71ee-4865-9dc1-6053b235b978):
- On oandmsearch: assign the Search Index Data Reader and Search Service Contributor roles.
- On oandmstorage: assign the Storage Blob Data Contributor role.
- For the AI Search MI (check the Object ID under oandmsearch > Identity):
- On the OpenAI resource: assign the Cognitive Services OpenAI Contributor role.
- On oandmstorage: assign the Storage Blob Data Reader role.
- Assign the necessary roles for Azure OpenAI.
- On the OpenAI resource: assign the Cognitive Services OpenAI Contributor role.
- On oandmsearch: assign the Search Index Data Reader and Search Service Contributor roles.
- Connect AI Search to storage.
Step 4: Review Networking Settings (if needed)
- If private endpoints are enabled, make sure "Allow trusted Microsoft services" is enabled in the Networking settings for both oandmsearch and oandmstorage.
- Refer to networking guidance as required.
Step 5: Testing in AI Studio
- Allow 10–15 minutes for role propagation, then refresh AI Studio and use the “Add your data” option in Playground Chat.
- Verify that your user account has the Cognitive Services OpenAI Contributor role on the OpenAI resource.
- Working with your data in Azure OpenAI
Troubleshooting Tips:
- Is oandmsearch currently on the Free tier? If so, consider upgrading to Basic or higher.
- Are all resources, including OpenAI, AI Search, and Storage, located in supported regions? Please check region support.
- If private endpoints are being used, verify VNet/DNS settings and ensure trusted services are configured.
- Check that the data source path in AI Studio is directed to the correct oandmstorage container.
- Are there any other error messages appearing during indexing?
Reference:
https://free.blessedness.top/en-us/entra/identity/managed-identities-azure-resources/overviewhttps://free.blessedness.top/en-us/azure/role-based-access-control/role-assignments-portal
https://free.blessedness.top/en-us/azure/storage/common/storage-network-security
https://free.blessedness.top/en-us/azure/ai-foundry/
Kindly let us know if the above helps or you need further assistance on this issue.
Please "upvote" if the information helped you. This will help us and others in the community as well.
-
Craig Colley 0 Reputation points
2025-10-23T14:34:37.7033333+00:00 Hi,
I'm still getting a mesage, although seems to be a little differnt:
Failed to validate the selected authentication type. Please resolve the following errors and click next. Learn more about how to fix validation errors - The Azure AI Search system assigned managed identity doesn't have required role assignment to Azure OpenAI resource: Cognitive Services OpenAI Contributor. Adding role assignments takes about 10 minutes to take effect.
I have done all of the steps you suggested and left it 10 minutes. It's also worth pointing out that when I am trying to do this add data, I am choosing the Storage blob, and the indexing option is grayed out in the first screen.
Thesea re the roles and profile access I've given based on your inputs:
Edited PII information
-
Craig Colley 0 Reputation points
2025-10-23T14:36:09.8+00:00 roubleshooting Tips:
- Is oandmsearch currently on the Free tier? If so, consider upgrading to Basic or higher.
- Its basic
- Are all resources, including OpenAI, AI Search, and Storage, located in supported regions? Please check region support.
- All in West Europe
- If private endpoints are being used, verify VNet/DNS settings and ensure trusted services are configured.
- They are public
- Check that the data source path in AI Studio is directed to the correct oandmstorage container.
- HOw do I do this?
- Are there any other error messages appearing during indexing?
- It's not at the point of indexing, it doesnt pass the 'add data' screen
- Is oandmsearch currently on the Free tier? If so, consider upgrading to Basic or higher.
-
Praneeth Maddali 1,110 Reputation points Microsoft External Staff Moderator
2025-10-23T16:52:17.9233333+00:00 Hi @Craig Colley
Thank you for your patience and for sharing the detailed role assignments. The error message "The Azure AI Search system assigned managed identity doesn't have required role assignment to Azure OpenAI resource: Cognitive Services OpenAI Contributor" likely points to a propagation delay, as Azure role changes may take 30-60 minutes to apply. Also, the grayed-out indexing option in "Add your data" probably means that an embedding model deployment is missing, which is necessary for vector search (the default for RAG in Azure AI Studio). Since you're on the Basic tier in West Europe with public endpoints and the roles seem correctly assigned, here’s a plan to help resolve the issue and clarify your question about the data source path.
Suggested Steps
- Re-apply the Cognitive Services OpenAI Contributor role:
- Sometimes, role propagation can be delayed in Azure's distributed systems:
- In the Azure portal, navigate to oandmopenai > Access control (IAM).
- Find the Cognitive Services OpenAI Contributor role assigned to the Azure AI Search MI (oandmsearch, Object ID: XXXXf8da-XXXX-4d97-XXXX-ac9f1fd9XXXX.), remove it, then add it again: Add role assignment > select Cognitive Services OpenAI Contributor > choose Managed identity > select oandmsearch > Save.
- Wait 30-60 minutes before retrying "Add your data" in Azure AI Studio.
- Deploying an Embedding Model
- If the indexing option is grayed out, it usually indicates that there isn’t an embedding model (such as text-embedding-3-small or text-embedding-ada-002) deployed, which is necessary for vector search:
- Go to Azure OpenAI Studio (or Azure portal > oandmopenai > Model deployments) and check if an embedding model is present.
- If not, select Deploy model, choose text-embedding-3-small, assign it a name (for example, "embedding-model"), and deploy it.
- In Azure AI Studio > Playground > Chat > "Add your data," choose this embedding model when prompted.
- If you only require keyword search, you can turn off vector search in the advanced index settings, but using vector search is recommended.
- Configure the Blob Storage Data Source Path
- To set the correct container path:
- In Azure AI Studio, go to Playground > Chat > "Add your data." Choose Azure Blob Storage, then select your subscription, the resource group (ag-project-rg), and oandmstorage.
- In the Data source field, provide the container name (like "documents") or a subfolder (such as "documents/myfolder") where your files (PDFs, TXT, etc.) are located. Make sure the container exists in oandmstorage and only contains supported file types under 16MB each.
- For example, if your files are in a container named "rag-data," enter "rag-data" or "rag-data/subfolder" if they’re stored in a subfolder.
- Check that the container is not empty, as this may cause validation to fail.
- Additional Checks
- Refresh Azure AI Studio by signing out and back in, or clear your browser cache to remove any cached errors.
- Check MI Status: Make sure the system-assigned MI for oandmsearch is enabled (Azure portal > oandmsearch > Identity > System assigned > Status: On) and that it matches Object ID XXXXf8da-XXXX-4d97-XXXX-ac9f1fd9XXXX.
- If the issue continues, try using the "Import and vectorize data" wizard in Azure AI Studio to create the index separately, then attach it in "Add your data."
- As public endpoints are confirmed, no networking changes are required.
Please follow these steps and make sure to wait for role propagation. Could you please confirm the following:
- The name of any deployed embedding model in oandmopenai
- The specific container or folder path you entered in "Add your data"
- Any new error messages that appear after re-applying the role
Reference :
https://free.blessedness.top/en-us/azure/role-based-access-control/role-assignments-portalhttps://free.blessedness.top/en-us/dotnet/ai/quickstarts/build-chat-app?pivots=openai
https://free.blessedness.top/en-us/azure/ai-foundry/openai/how-to/on-your-data-configuration
Kindly let us know if the above helps or you need further assistance on this issue.
Please "upvote" if the information helped you. This will help us and others in the community as well.
- Re-apply the Cognitive Services OpenAI Contributor role:
-
Craig Colley 0 Reputation points
2025-10-24T13:40:58.4266667+00:00 ok, I'll do all of that on Monday.
I'm also noting that I get this error in the data and index section:
Vector stores
Unable to fetch vector store details Request failed with status code 400. Trace ID : 6da30433-99f3-4037-a837-0138b5ae9e3bClient request ID : 34afaa7f-ef92-4ec2-98f3-7e3776d6a9abAPIM request ID : 26c162bf-d243-412e-ad32-9ccdb85cc958
Vector store objects give the File Search tool the ability to search your files. Adding a file to a vector store automatically parses, chunks, embeds and stores the file in a vector database that's capable of both keyword and semantic search. Each vector store can hold up to 10,000 files. Vector stores can be attached to both Assistants and Threads. Today, you can attach at most one vector store to an assistant and at most one vector store to a thread.
I'm not sure if it's related.
Sign in to comment
Sign in to answer