Assign roles to AI Search administrators and users

  • Release version: Yokohama
  • Updated July 28, 2025
  • 2 minutes to read

    • Grant users the ais_admin, ais_external_content, ais_high_security_admin, and search_application_admin roles so they can configure and manage settings and content for AI Search and search applications.

    Before you begin

    Role required: admin

    About this task

    Users with the following roles can access and configure settings and content for the AI Search application.

    Role Description
    AI Search administrator [ais_admin]
    Manages configuration settings for the AI Search application, including the following:
    • Creates, reads, updates, and deletes indexed sources
    • Creates, reads, updates, and deletes search sources
    • Creates and deletes mappings between search sources and search profiles
    • Creates, reads, updates, and deletes search profiles
    • Creates, reads, updates, and deletes synonym and stop word dictionaries
    • Creates and deletes mappings between dictionaries and search profiles
    • Reads and updates typo handling auto-correction dictionaries linked to search profiles
    • Creates, reads, updates, and deletes Genius Result configurations
    • Creates and deletes mappings between Genius Result configurations and search profiles
    • Creates, reads, updates, and deletes result improvement rules
    • Creates and deletes mappings between result improvement rules and search profiles
    AI Search high security administrator [ais_high_security_admin]
    Accesses High Security settings for AI Search, including the following:
    • Bypasses all search filters from search sources and content security in the Search Preview UI, viewing all search query results available in the AI Search index
    • Reads external content user mapping import history records

    This is an elevated privilege role. Elevated privilege roles aren't assigned to users or groups, and must be used by elevation. For more information on elevated privilege roles, see Elevated privilege roles. To learn about elevation, see Elevate to a privileged role.

    The Instance Security Center Users with High Privilege Roles user metric displays the count of users assigned this role. For more details, see User metrics.
    Search application administrator [search_application_admin]

    Creates, reads, updates, and deletes search application configurations for Zing and AI Search.

    This role includes the ais_admin and personalize_dictionary roles.
    AI Search external content API user [ais_external_content]
    Accesses endpoints for AI Search external content APIs, including the following:

    Assign this role to non-interactive users and integration users who require access to external content API endpoints. For more information on non-interactive users, see Non-interactive sessions. For details on integration users, see Mark service accounts as internal integration users.

    Users with the admin role don't need this role to access external content API endpoints.

    Assign these roles to users and groups to enable them as search administrators or external content API users for AI Search.

    Procedure