You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-assign-roles.md
+9-8Lines changed: 9 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -69,10 +69,10 @@ You can use Azure AD security groups to manage access to workspaces. This approa
69
69
* Using Azure AD groups helps you to avoid reaching the [subscription limit](../role-based-access-control/troubleshooting.md#limits) on role assignments.
70
70
71
71
To use Azure AD security groups:
72
-
1.[Create a security group](../active-directory/fundamentals/active-directory-groups-create-azure-portal.md).
73
-
2.[Add a group owner](../active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners.md). This user has permissions to add or remove group members. Note that the group owner isn't required to be group member, or have direct RBAC role on the workspace.
72
+
1.[Create a security group](../active-directory/fundamentals/active-directory-groups-view-azure-portal.md).
73
+
2.[Add a group owner](../active-directory/fundamentals/how-to-manage-groups.md#add-or-remove-members-and-owners). This user has permissions to add or remove group members. Note that the group owner isn't required to be group member, or have direct RBAC role on the workspace.
74
74
3. Assign the group an RBAC role on the workspace, such as AzureML Data Scientist, Reader or Contributor.
75
-
4.[Add group members](../active-directory/fundamentals/active-directory-groups-members-azure-portal.md). The members consequently gain access to the workspace.
75
+
4.[Add group members](../active-directory/fundamentals/how-to-manage-groups.md#add-or-remove-members-and-owners). The members consequently gain access to the workspace.
76
76
77
77
## Create custom role
78
78
@@ -109,10 +109,11 @@ To create a custom role, first construct a role definition JSON file that specif
109
109
110
110
This custom role can do everything in the workspace except for the following actions:
111
111
112
-
- It can't create or update a compute resource.
113
-
- It can't delete a compute resource.
114
-
- It can't add, delete, or alter role assignments.
115
112
- It can't delete the workspace.
113
+
- It can't create or update the workspace.
114
+
- It can't create or update compute resources.
115
+
- It can't delete compute resources.
116
+
- It can't add, delete, or alter role assignments.
116
117
117
118
To deploy this custom role, use the following Azure CLI command:
118
119
@@ -190,7 +191,7 @@ The following table is a summary of Azure Machine Learning activities and the pe
190
191
191
192
1: If you receive a failure when trying to create a workspace for the first time, make sure that your role allows `Microsoft.MachineLearningServices/register/action`. This action allows you to register the Azure Machine Learning resource provider with your Azure subscription.
192
193
193
-
2: When attaching an AKS cluster, you also need to the [Azure Kubernetes Service Cluster Admin Role](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) on the cluster.
194
+
2: When attaching an AKS cluster, you also need to have the [Azure Kubernetes Service Cluster Admin Role](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) on the cluster.
194
195
195
196
### Differences between actions for V1 and V2 APIs
196
197
@@ -200,7 +201,7 @@ There are certain differences between actions for V1 APIs and V2 APIs.
0 commit comments