optimize docs for UAI workspace

Mingwei He · Mingwei He · commit 2afbb714ed9b · 2023-05-19T17:42:53.000-07:00
diff --git a/articles/machine-learning/how-to-identity-based-service-authentication.md b/articles/machine-learning/how-to-identity-based-service-authentication.md
@@ -62,34 +62,33 @@ For automated creation of role assignments on your user-assigned managed identit
 > [!TIP]
 > For a workspace with [customer-managed keys for encryption](concept-data-encryption.md), you can pass in a user-assigned managed identity to authenticate from storage to Key Vault. Use the `user-assigned-identity-for-cmk-encryption` (CLI) or `user_assigned_identity_for_cmk_encryption` (SDK) parameters to pass in the managed identity. This managed identity can be the same or different as the workspace primary user assigned managed identity.
 
-To create a workspace with user assigned identity, use one of the following methods:
+To create or update a workspace with user assigned identity/identities, use one of the following methods:
 
 # [Azure CLI](#tab/cli)
 
 [!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
 
 ```azurecli
-az ml workspace create -f workspace_uai.yml
+az ml workspace create/update -f workspace_uai.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
 ```
 
 Where the contents of *workspace_uai.yml* are as follows:
 
 ```yaml
-name: <workspace name>
 location: <region name>
-resource_group: <resource group name>
 identity:
    type: user_assigned
-   tenant_id: <tenant ID>
    user_assigned_identities:
     '<UAI resource ID 1>': {}
     '<UAI resource ID 2>': {}
-storage_account: <storage acccount resource ID>
-key_vault: <key vault resource ID>
-image_build_compute: <compute(virtual machine) resource ID>
 primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
 ```
 
+> [!TIP]
+> To add a new UAI, you can specify the new UAI ID under the section user_assigned_identities in addition to the existing UAIs, it's required to pass all the existing UAI IDs.<br>
+To delete one or more existing UAIs, you can put the UAI IDs which needs to be preserved under the section user_assigned_identities, the rest UAI IDs would be deleted.<br>
+To update identity type from SAI to UAI|SAI, you can change type from "user_assigned" to "system_assigned, user_assigned".
+
 # [Python SDK](#tab/python)
 
 [!INCLUDE [sdk v2](../../includes/machine-learning-sdk-v2.md)]
@@ -101,31 +100,14 @@ sub_id="<subscription ID>"
 rg_name="<resource group name>"
 ws_name="<workspace name>"
 client = MLClient(DefaultAzureCredential(), sub_id, rg_name)
+# create a workspace with identity type UAI
 wps = load_workspace("workspace_uai.yml")
 workspace = client.workspaces.begin_create(workspace=wps).result()
-# update SAI workspace to SAI&UAI workspace
-wps = load_workspace("workspace_sai_and_uai.yml")
+# update
+wps = load_workspace("workspace_uai.yml")
 workspace = client.workspaces.begin_update(workspace=wps).result()
 ```
 
-Where the contents of *workspace_sai_and_uai.yml* are as follows:
-
-```yaml
-name: <workspace name>
-location: <region name>
-resource_group: <resource group name>
-identity:
-   type: system_assigned, user_assigned
-   tenant_id: <tenant ID>
-   user_assigned_identities:
-    '<UAI resource ID 1>': {}
-    '<UAI resource ID 2>': {}
-storage_account: <storage acccount resource ID>
-key_vault: <key vault resource ID>
-image_build_compute: <compute(virtual machine) resource ID>
-primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
-```
-
 # [Studio](#tab/azure-studio)
 
 Not supported currently.
