You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/prompt-flow/troubleshoot-guidance.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -275,11 +275,11 @@ If you encounter an error like "Access denied to list workspace secret", check w
275
275
276
276
You can follow [Identity-based data authentication](../how-to-administrate-data-authentication.md#identity-based-data-authentication) this part to make your datastore credential-less.
277
277
278
-
You need to change auth type of datastore to None, which stands for meid_token based auth. For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
278
+
You need to change auth type of datastore to None, which stands for meid_token based auth. For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore` and `workspaceartifactstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
279
279
280
280
:::image type="content" source="./media/faq/datastore_auth_type.png" alt-text="Screenshot of auth type for datastore. " lightbox = "./media/faq/datastore_auth_type.png":::
281
281
282
-
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`.
282
+
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"` and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`.
283
283
284
284
:::image type="content" source="./media/faq/datastore-update-rest.png" alt-text="Screenshot of rest for datastore update. " lightbox = "./media/faq/datastore-update-rest.png":::
285
285
@@ -292,4 +292,5 @@ To use credential-less datastore in prompt flow, you need to grant enough permis
292
292
- If you're using user assigned managed identity, you need to make sure the managed identity has following role on the storage account:
293
293
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
294
294
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission
295
-
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account, if your want use prompt flow to authoring and test flow.
295
+
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account, if your want use prompt flow to authoring and test flow.
296
+
- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need grant workspace MSI as `Storage File Data Privileged Contributor` to storage account linked with workspace.
0 commit comments