You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/prompt-flow/troubleshoot-guidance.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -279,18 +279,20 @@ You need to change auth type of datastore to None, which stands for meid_token b
279
279
280
280
:::image type="content" source="./media/faq/datastore_auth_type.png" alt-text="Screenshot of auth type for datastore. " lightbox = "./media/faq/datastore_auth_type.png":::
281
281
282
-
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`.
282
+
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`, `subscriptionId`, `accountName` and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`, also need to specify
283
283
284
284
:::image type="content" source="./media/faq/datastore-update-rest.png" alt-text="Screenshot of rest for datastore update. " lightbox = "./media/faq/datastore-update-rest.png":::
285
285
286
286
#### Grant permission to user identity or managed identity
287
287
288
288
To use credential-less datastore in prompt flow, you need to grant enough permissions to user identity or managed identity to access the datastore.
289
+
290
+
- Make sure workspace system assigned managed identity have `Storage Blob Data Contributor` and `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission.
289
291
- If you're using user identity this default option in prompt flow, you need to make sure the user identity has following role on the storage account:
290
292
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
291
293
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission
292
294
- If you're using user assigned managed identity, you need to make sure the managed identity has following role on the storage account:
293
295
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
294
296
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission
295
-
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account, if your want use prompt flow to authoring and test flow.
297
+
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account at least, if your want use prompt flow to authoring and test flow.
296
298
- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need grant workspace MSI as `Storage File Data Privileged Contributor` to storage account linked with workspace.
0 commit comments