articles/machine-learning/concept-endpoints-online-auth.md
3 additions & 3 deletions
@@ -60,7 +60,7 @@ For control plane operations, you use a Microsoft Entra token to authenticate a
60
60
For control plane operations, your user identity needs to have the proper Azure RBAC role assigned to access your resources. Specifically, for CRUD operations on online endpoints and deployments, the user identity needs to have roles assigned for the following actions:
61
61
62
62
| Operation | Required Azure RBAC role | Scope |
63
-
| -- | -- | -- |
63
+
| ---| ---|--- |
64
64
| Perform create/update operations on online endpoints and deployments. |**Owner**, **Contributor**, or any role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/write`| Workspace |
65
65
| Perform delete operations on online endpoints and deployments. |**Owner**, **Contributor**, or any role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/delete`| Workspace |
66
66
| Perform create/update/delete operations on online endpoints and deployments via Azure Machine Learning studio. |**Owner**, **Contributor**, or any role allowing `Microsoft.Resources/deployments/write`| Resource group that contains the workspace |
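Review bot: The new separator row at line 63 is spaced unevenly (`| ---| ---|--- |`), so the table source is no easier to read than the `| -- | -- | -- |` it replaces. If the goal is to normalize the markup, use `| --- | --- | --- |` here, and give the role cells in lines 64 to 66 the same padding, since they currently start directly after the pipe (`|**Owner**`).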
@@ -103,7 +103,7 @@ For more information on how to authenticate clients for data plane operations, s
103
103
For data plane operations, your user identity needs proper Azure RBAC roles to allow access to your resources only if the endpoint is set to use Microsoft Entra `aad_token`. For data plane operations on online endpoints and deployments, the user identity needs to have a role assigned with the following actions:
104
104
105
105
| Operation | Required Azure RBAC role | Scope |
106
-
| -- | -- | -- |
106
+
| ---| ---|--- |
107
107
| Invoke online endpoints with `key` or Azure Machine Learning `aml_token`. | Doesn't require a role. | Not applicable |
108
108
| Invoke managed online endpoints with Microsoft Entra `aad_token`. |**Owner**, **Contributor**, or any role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/score/action`| Endpoint |
109
109
| Invoke Kubernetes online endpoints with Microsoft Entra `aad_token`. | Kubernetes online endpoint doesn't support Microsoft Entra token for data plane operations. | Not applicable |
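Review bot: The row at line 107 says invoking with `key` or `aml_token` "Doesn't require a role", and directly under a paragraph about Azure RBAC that can be read as meaning no access control applies. While this table is being touched, consider wording the cell so it is clear the call is still authenticated by the key or token and that only the RBAC role assignment is not needed. The separator at line 106 also carries uneven spacing and should match whatever form the other tables in this file use.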
@@ -120,7 +120,7 @@ An online deployment runs your user container with the endpoint identity, that i
120
120
If the endpoint identity is a SAI, the following roles are assigned to the endpoint identity for convenience.
121
121
122
122
| Role | Description | Condition for automatic role assignment |
123
-
| -- | -- | -- |
123
+
| ---| ---|--- |
124
124
| **AcrPull** | Allows the endpoint identity to pull images from the Azure container registry associated with the workspace | The endpoint identity is a SAI.
125
125
| **Storage Blob Data Reader** | Allows the endpoint identity to read blobs from the default datastore of the workspace | The endpoint identity is a SAI.
126
126
| **AzureML Metrics Writer (preview)** | Allows the endpoint identity to write metrics to the workspace | The endpoint identity is a SAI.
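Review bot: The data rows at lines 124 to 126 have no closing `|`, while the header at line 122 and the separator changed at line 123 both do. Since this commit is cleaning up the table syntax, close those three rows as well so every row in the table has the same shape, and space the separator evenly as `| --- | --- | --- |`.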