Skip to content

Commit 1b2d388

Browse files
committed
update
1 parent 840f2a5 commit 1b2d388

File tree

1 file changed

+13
-3
lines changed

1 file changed

+13
-3
lines changed

articles/machine-learning/prompt-flow/how-to-create-manage-runtime.md

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,12 +67,22 @@ Automatic is the default option for a runtime. You can start an automatic runtim
6767
- If you choose serverless compute, you can set following settings:
6868
- Customize the VM size that the runtime uses.
6969
- Customize the idle time, which saves code by deleting the runtime automatically if it isn't in use.
70-
- Set the user-assigned managed identity. The automatic runtime uses this identity to pull a base image and install packages. Make sure that the user-assigned managed identity has Azure Container Registry pull permission.
71-
72-
If you don't set this identity, we use the user identity by default. [Learn more about how to create and update user-assigned identities for a workspace](../how-to-identity-based-service-authentication.md#to-create-a-workspace-with-multiple-user-assigned-identities-use-one-of-the-following-methods).
70+
- Set the user-assigned managed identity. The automatic runtime uses this identity to pull a base image and install packages. Make sure that the user-assigned managed identity has Azure Container Registry `acrpull` permission. If you don't set this identity, we use the user identity by default. [Learn more about how to create and update user-assigned identities for a workspace](../how-to-identity-based-service-authentication.md#to-create-a-workspace-with-multiple-user-assigned-identities-use-one-of-the-following-methods).
7371

7472
:::image type="content" source="./media/how-to-create-manage-runtime/runtime-creation-automatic-settings.png" alt-text="Screenshot of prompt flow with advanced settings using serverless compute for starting an automatic runtime on a flow page." lightbox = "./media/how-to-create-manage-runtime/runtime-creation-automatic-settings.png":::
7573

74+
> [!TIP]
75+
> The following [Azure RBAC role assignments](../role-based-access-control/role-assignments.md) are required on your user-assigned managed identity for your Azure Machine Learning workspace to access data on the workspace-associated resources.
76+
77+
|Resource|Permission|
78+
|---|---|
79+
|Azure Machine Learning workspace|Contributor|
80+
|Azure Storage|Contributor (control plane) + Storage Blob Data Contributor (data plane, optional, to enable data preview in the Azure Machine Learning studio)|
81+
|Azure Key Vault (when using [RBAC permission model](../key-vault/general/rbac-guide.md))|Contributor (control plane) + Key Vault Administrator (data plane)|
82+
|Azure Key Vault (when using [access policies permission model](../key-vault/general/assign-access-policy.md))|Contributor + any access policy permissions besides **purge** operations|
83+
|Azure Container Registry|Contributor|
84+
|Azure Application Insights|Contributor|
85+
7686
- If you choose compute instance, you can only set idle shutdown time.
7787
- As it is running on an existing compute instance the VM size is fixed and cannot change in runtime side.
7888
- Identity used for this runtime also is defined in compute instance, by default it uses the user identity. [Learn more about how to assign identity to compute instance](../how-to-create-compute-instance.md#assign-managed-identity)

0 commit comments

Comments
 (0)