fix

Mingwei He · Mingwei He · commit 47a13f533171 · 2023-05-23T16:27:23.000-07:00
diff --git a/articles/machine-learning/how-to-identity-based-service-authentication.md b/articles/machine-learning/how-to-identity-based-service-authentication.md
@@ -62,17 +62,17 @@ For automated creation of role assignments on your user-assigned managed identit
 > [!TIP]
 > For a workspace with [customer-managed keys for encryption](concept-data-encryption.md), you can pass in a user-assigned managed identity to authenticate from storage to Key Vault. Use the `user-assigned-identity-for-cmk-encryption` (CLI) or `user_assigned_identity_for_cmk_encryption` (SDK) parameters to pass in the managed identity. This managed identity can be the same or different as the workspace primary user assigned managed identity.
 
-To create or update a workspace with user assigned identity/identities, use one of the following methods:
+#### To create a workspace with multiple user assigned identities, use one of the following methods:
 
 # [Azure CLI](#tab/cli)
 
 [!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
 
 ```azurecli
-az ml workspace create/update -f workspace_uai.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
+az ml workspace create -f workspace_creation_with_multiple_UAIs.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
 ```
 
-Where the contents of *workspace_uai.yml* are as follows:
+Where the contents of *workspace_creation_with_multiple_UAIs.yml* are as follows:
 
 ```yaml
 location: <region name>
@@ -81,14 +81,12 @@ identity:
    user_assigned_identities:
     '<UAI resource ID 1>': {}
     '<UAI resource ID 2>': {}
+storage_account: <storage acccount resource ID>
+key_vault: <key vault resource ID>
+image_build_compute: <compute(virtual machine) resource ID>
 primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
 ```
 
-> [!TIP]
-> To add a new UAI, you can specify the new UAI ID under the section user_assigned_identities in addition to the existing UAIs, it's required to pass all the existing UAI IDs.<br>
-To delete one or more existing UAIs, you can put the UAI IDs which needs to be preserved under the section user_assigned_identities, the rest UAI IDs would be deleted.<br>
-To update identity type from SAI to UAI|SAI, you can change type from "user_assigned" to "system_assigned, user_assigned".
-
 # [Python SDK](#tab/python)
 
 [!INCLUDE [sdk v2](../../includes/machine-learning-sdk-v2.md)]
@@ -100,11 +98,49 @@ sub_id="<subscription ID>"
 rg_name="<resource group name>"
 ws_name="<workspace name>"
 client = MLClient(DefaultAzureCredential(), sub_id, rg_name)
-# create a workspace with identity type UAI
-wps = load_workspace("workspace_uai.yml")
+wps = load_workspace("workspace_creation_with_multiple_UAIs.yml")
 workspace = client.workspaces.begin_create(workspace=wps).result()
-# update
-wps = load_workspace("workspace_uai.yml")
+```
+
+# [Studio](#tab/azure-studio)
+
+Not supported currently.
+
+---
+
+#### To update user assigned identities for a workspace, includes adding a new one or deleting the existing ones, use one of the following methods:
+
+# [Azure CLI](#tab/cli)
+
+[!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
+
+```azurecli
+az ml workspace update -f workspace_update_with_multiple_UAIs.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
+```
+
+Where the contents of *workspace_update_with_multiple_UAIs.yml* are as follows:
+
+```yaml
+identity:
+   type: user_assigned
+   user_assigned_identities:
+    '<UAI resource ID 1>': {}
+    '<UAI resource ID 2>': {}
+primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
+```
+
+# [Python SDK](#tab/python)
+
+[!INCLUDE [sdk v2](../../includes/machine-learning-sdk-v2.md)]
+
+```python
+from azure.ai.ml import MLClient, load_workspace
+from azure.identity import DefaultAzureCredential
+sub_id="<subscription ID>"
+rg_name="<resource group name>"
+ws_name="<workspace name>"
+client = MLClient(DefaultAzureCredential(), sub_id, rg_name)
+wps = load_workspace("workspace_update_with_multiple_UAIs.yml")
 workspace = client.workspaces.begin_update(workspace=wps).result()
 ```
 
@@ -114,6 +150,11 @@ Not supported currently.
 
 ---
 
+> [!TIP]
+> To add a new UAI, you can specify the new UAI ID under the section user_assigned_identities in addition to the existing UAIs, it's required to pass all the existing UAI IDs.<br>
+To delete one or more existing UAIs, you can put the UAI IDs which needs to be preserved under the section user_assigned_identities, the rest UAI IDs would be deleted.<br>
+To update identity type from SAI to UAI|SAI, you can change type from "user_assigned" to "system_assigned, user_assigned".
+
 ### Compute cluster
 
 > [!NOTE]
