Merge pull request #276442 from cloga/lochen/credential-less-new

add more screenshots

Author: ttorble

articles/machine-learning/prompt-flow/media/faq/datastore-update-auth-type.png

@@ -275,11 +275,15 @@ If you encounter an error like "Access denied to list workspace secret", check w
 
 You can follow [Identity-based data authentication](../how-to-administrate-data-authentication.md#identity-based-data-authentication) this part to make your datastore credential-less. 
 
-You need to change auth type of datastore to None, which stands for meid_token based auth. For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore` and `workspaceartifactstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
+You need to change auth type of datastore to None, which stands for meid_token based auth. 
 
 :::image type="content" source="./media/faq/datastore-auth-type.png" alt-text="Screenshot of auth type for datastore. " lightbox = "./media/faq/datastore-auth-type.png":::
 
-For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`, `subscriptionId`, `accountName` and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`, also need to specify 
+For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore` and `workspaceartifactstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
+
+:::image type="content" source="./media/faq/datastore-update-auth-type.png" alt-text="Screenshot of update auth type for datastore. " lightbox = "./media/faq/datastore-update-auth-type.png":::
+
+For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`, also need to specify `subscriptionId`, `accountName` and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`.
 
 :::image type="content" source="./media/faq/datastore-update-rest.png" alt-text="Screenshot of rest for datastore update. " lightbox = "./media/faq/datastore-update-rest.png":::
 
@@ -290,9 +294,9 @@ To use credential-less datastore in prompt flow, you need to grant enough permis
 - Make sure workspace system assigned managed identity have  `Storage Blob Data Contributor` and `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission.
 - If you're using user identity this default option in prompt flow, you need to make sure the user identity has following role on the storage account:
     - `Storage Blob Data Contributor` on the storage account, at least need read/write (better also include delete) permission.
-    - `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission
+    - `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission.
 - If you're using user assigned managed identity, you need to make sure the managed identity has following role on the storage account:
     - `Storage Blob Data Contributor` on the storage account, at least need read/write (better also include delete) permission.
-    - `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission
+    - `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission.
     - Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account at least, if your want use prompt flow to authoring and test flow.
 - If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need to grant workspace MSI as `Storage Table Data Contributor` to storage account linked with workspace.