Skip to content

updating the RBAC +ABAC scenario of ACR #510

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

updating the RBAC +ABAC scenario of ACR #510

wants to merge 2 commits into from

Conversation

sanjayananthamurthy
Copy link
Contributor

the acrpull wont work if container is configured for ABAC the identity should have the Container Registry Repository Contributor role

@sanjayananthamurthy
updating the RBAC +ABAC scenario of ACR
18d03ea 
the acrpull wont work if container is configured for ABAC the identity should have the **Container Registry Repository Contributor** role
@prmerger-automator prmerger-automator bot requested review from s-polly and dem108 August 1, 2025 04:59
@prmerger-automator PRMerger Automator
Copy link
Contributor

@sanjayananthamurthy : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 18d03ea:

💡 Validation status: suggestions

File Status Preview URL Details
articles/machine-learning/concept-endpoints-online-auth.md 💡Suggestion Details

articles/machine-learning/concept-endpoints-online-auth.md

  • Line 119, Column 53: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/azure/container-registry/container-registry-rbac-abac-repository-permissions?tabs=azure-portal' will be broken in isolated environments. Replace with a relative link.
  • Line 121, Column 3: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/azure/container-registry/media/container-registry-rbac-abac-repository-permissions/rbac-abac-repository-permissions-02-update-registry.png' will be broken in isolated environments. Replace with a relative link.

For more details, please refer to the build report.

Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.

@v-dirichards
Copy link
Contributor

@s-polly

Can you review the proposed changes?

Note: The new alt text needs to be updated to match Microsoft standards.

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged C+L Pull Request Review Team label label Aug 1, 2025
@sanjayananthamurthy
Copy link
Contributor Author

#sign-off

@prmerger-automator PRMerger Automator
Copy link
Contributor

Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @s-polly

v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Aug 8, 2025
View reviewed changes
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 40380d4:

✅ Validation status: passed

File Status Preview URL Details
articles/machine-learning/concept-endpoints-online-auth.md ✅Succeeded

For more details, please refer to the build report.

@v-regandowner
Copy link
Contributor

Hi @sanjayananthamurthy - In the public repo, pull requests should be signed off by the author, another member of the content team, or a PM.

@dem108 - Could you take a look? Thanks!

dem108
dem108 suggested changes Aug 8, 2025
View reviewed changes
articles/machine-learning/concept-endpoints-online-auth.md
>
> ![Screenshot showing an ABAC permission on container.](/azure/container-registry/media/container-registry-rbac-abac-repository-permissions/rbac-abac-repository-permissions-02-update-registry.png)
>
>In this case some existing role assignments aren't honored or will have different effects, because a different set of ACR built-in roles apply to ABAC-enabled registries.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
>In this case some existing role assignments aren't honored or will have different effects, because a different set of ACR built-in roles apply to ABAC-enabled registries.
>In this case, some existing role assignments aren't honored or will have different effects, because a different set of ACR built-in roles apply to ABAC-enabled registries.

articles/machine-learning/concept-endpoints-online-auth.md
> [!IMPORTANT]
> If you configure your Container registry to use **[RBAC Registry + ABAC Repository Permissions](/azure/container-registry/container-registry-rbac-abac-repository-permissions?tabs=azure-portal)**
>
> ![Screenshot showing an ABAC permission on container.](/azure/container-registry/media/container-registry-rbac-abac-repository-permissions/rbac-abac-repository-permissions-02-update-registry.png)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This image doesn't exist. Please replace it with a valid one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-regandowner v-regandowner v-regandowner left review comments

@dem108 dem108 dem108 requested changes

@s-polly s-polly Awaiting requested review from s-polly

Assignees

@dem108 dem108

@s-polly s-polly

Labels
aq-pr-triaged C+L Pull Request Review Team label azure-machine-learning/svc Change sent to author do-not-merge inferencing/subsvc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sanjayananthamurthy @v-dirichards @v-regandowner @dem108 @s-polly